{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:2dc4de60-0a44-59d1-bfda-04d04dc23780", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-jdbc@4.3.30.RELEASE-tuxcare.2", "type": "library", "group": "org.springframework", "name": "spring-jdbc", "version": "4.3.30.RELEASE-tuxcare.2", "purl": "pkg:maven/org.springframework/spring-jdbc@4.3.30.RELEASE-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:c5be1514-a5bb-5631-856b-6067931ce82c", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b6c23876-d03a-54ea-afa7-99bf30752151", "id": "CVE-2020-5397", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5397 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ed80613e-1b78-5086-aa61-26841a0313b4", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:24a4ebe8-a0f2-5a5a-9a36-0c80d659f2bc", "id": "CVE-2021-22060", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22060 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:cf44eba7-91fd-53d2-aeba-5e0bc6e574ac", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e5314344-4747-5462-ae67-ab6056f8fc2d", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:37b97b56-760d-5067-822a-16fed13511d4", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fa28886a-91d6-575f-b7cc-2b7e9e915a20", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:625904fd-688d-5c40-8896-f306cc899bef", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:90412d35-1002-58b0-befb-a5e732497df3", "id": "CVE-2022-22970", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22970 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8cdae117-03e0-50e9-945d-59b2105ff705", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2bacaa91-5a6e-5330-82af-0abbdd58edd9", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5ca240c6-7faf-5176-87a3-1f98a7be929b", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f1f180cc-5497-5214-b0c8-c7dde742f11e", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:64f611a4-2a37-57dd-8d6a-aa90d511ae36", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a4445309-fec3-5f2a-8905-fb3fbdb9a870", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:03081030-341b-5926-b175-dc07f567263b", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:135722d6-703c-53f4-bf89-2740d459e43e", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c7ce7a07-0cc7-558e-b1bc-50381e6d3750", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b3d38ab1-304b-5feb-a34e-c5884426773e", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d61ff008-39e6-560c-a97f-487ca8e949c3", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:cf02d06e-b1b0-50d4-acfe-0d4381862b07", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7abb1f98-4435-5d19-9624-8661360ffb43", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4efdd9f6-8869-5970-ada5-e1a069e4a18c", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5a86f215-c8d3-5a2a-a915-232ad277e600", "id": "CVE-2026-22740", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-22740 does not affect version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-jdbc. CVE-2026-22740 is a WebFlux-specific vulnerability (reactive multipart temp-file cleanup in org.springframework.http.codec.multipart.MultipartHttpMessageReader / PartGenerator). Spring Framework 4.3.30.RELEASE predates WebFlux entirely - the org.springframework.http.codec package does not exist in this version, and there is no reactive multipart code path. Per NVD, affected versions are 5.3.x, 6.1.x, 6.2.x, 7.0.x only; Spring 4.x is not in the affected range." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c62c6a41-3532-56ab-b956-69697a8a9833", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3ba6aff8-7f33-5e46-897e-1e99fea590f6", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:42b05fdc-3311-54f1-bdde-3afb3d09db8a", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d08bf979-1133-565a-abfb-f4372c2f1584", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:bcd736eb-71d5-59e1-a50e-ca2a78e6648d", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7345c8b6-780d-542b-8a54-499da6209054", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c01fb829-573e-5d9e-9ae1-32fb25ef7964", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6e125da5-1395-5ed2-963f-b1d1470eb61a", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2636b4ad-d18d-559a-8a45-8547f86e6f52", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d012ff4c-c33d-51a9-9b58-fff962abbe6a", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:95ac01db-18de-50aa-bbc2-c14a644efe18", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:cc2770c2-36d6-5571-ad30-f38d3baded12", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:11eea367-f7f7-5895-8e88-e75bd0b7c654", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:75b6d82c-6fd8-5c2f-a231-ba1ecfc19a33", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6ef5233b-7818-51b8-ad7b-8ff5ea6a86f5", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.3.30.RELEASE-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.3.30.RELEASE-tuxcare.2" } ] }