{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:7afb0533-ed35-5ea9-bead-1db2596b84a2", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-jdbc@4.3.30.RELEASE-tuxcare.1", "type": "library", "group": "org.springframework", "name": "spring-jdbc", "version": "4.3.30.RELEASE-tuxcare.1", "purl": "pkg:maven/org.springframework/spring-jdbc@4.3.30.RELEASE-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:49f07f67-30cf-56d0-abdc-954a74376642", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:86063947-84c8-5a57-99de-803da2b6b27c", "id": "CVE-2020-5397", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5397 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:12bc641b-48c2-5a7f-b8d7-fc5e834e50da", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:91234100-74ce-52dd-8f7d-4c4bc1527750", "id": "CVE-2021-22060", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22060 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:da103ff0-172a-57a2-a3e8-131cba4d9d22", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b7387a09-09a3-52a5-881d-e420865409f0", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d4e9f168-7822-5770-84df-219c5d38b3a5", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:984c3ec8-69ab-568a-a7a5-35a10528362d", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:bc31a54e-ef0d-5b23-af6d-818bb66a49b6", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:cf88b01f-87af-5342-8290-0933d8a86144", "id": "CVE-2022-22970", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22970 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:972654a9-dfb7-59c2-bfac-cda0d61aed40", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:75edc5eb-1f6d-5fe0-8165-d00849bd6d51", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a6199eaf-4d6b-59be-939f-2da22594726d", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:43e202c9-f9dd-50f3-84c1-ad7860c11326", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ca2ce039-10e8-5f86-be2a-49643373a712", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:aecafdb9-f5e7-5389-8f1b-03cf7eb0cc25", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c14389ae-c98c-5160-b67e-8893a994c98c", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d0b710e6-40a2-587a-bae6-c8df8606e14d", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:34366a7f-6087-548c-8456-2dc7d18fd6fb", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3cc42fed-f45b-589f-972d-52c3c6bce341", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ead4da38-3728-5f98-8074-d70be29bc2fc", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0a8bf64f-8da2-50dd-9708-f7daa2ae3df8", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:deffe9cd-ac01-5d55-ac12-d15179fdf1a9", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f64ff832-c67a-5f6d-a1c6-89bedee6a3b4", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:50085a0a-5028-5884-a3f5-95b799611289", "id": "CVE-2026-22740", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-22740 does not affect version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-jdbc. CVE-2026-22740 is a WebFlux-specific vulnerability (reactive multipart temp-file cleanup in org.springframework.http.codec.multipart.MultipartHttpMessageReader / PartGenerator). Spring Framework 4.3.30.RELEASE predates WebFlux entirely - the org.springframework.http.codec package does not exist in this version, and there is no reactive multipart code path. Per NVD, affected versions are 5.3.x, 6.1.x, 6.2.x, 7.0.x only; Spring 4.x is not in the affected range." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4c06e3b7-e2e7-5144-b45f-f019ebf1bb78", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c63738c8-07ef-5d4f-8f6f-74ce67d19712", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:dffd46cc-0602-5663-ac41-cecf47095543", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:734ddf53-d346-52cb-88a6-7d67b947fe5e", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a8ab52bf-b42c-5aca-9148-3d57cc8a7692", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:cbf91e50-9049-50e9-bfe1-de664cf11e22", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ef352301-a3c3-51dd-81b5-498b807b8162", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e62a32bd-1176-5cf6-80c6-0400cfaa1e0a", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e19ec9bf-c802-54c5-9181-040b14ae5a47", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b24b7406-55fe-54e7-97e6-11a81de92384", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9cbb95f7-b0ae-57ee-a915-4c4d735a6b67", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:109c06a0-f85b-57d4-91be-56b57f93f93e", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e7494d79-eb20-522f-9d7a-e12a2c4886cd", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b7effb14-c0fb-5fa5-bea6-755d147b3742", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ef305e02-598f-5f0c-b921-d9cbedf1573b", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.3.30.RELEASE-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.3.30.RELEASE-tuxcare.1" } ] }