{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:fe180bb2-e149-5f78-ade7-e3751806c87e", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-jdbc@4.3.30.RELEASE-tuxcare.3", "type": "library", "group": "org.springframework", "name": "spring-jdbc", "version": "4.3.30.RELEASE-tuxcare.3", "purl": "pkg:maven/org.springframework/spring-jdbc@4.3.30.RELEASE-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:2ade279a-6139-5379-a2a0-3080e3b61ffd", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4960c099-78fd-568f-8299-33a3545933f3", "id": "CVE-2020-5397", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5397 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:14a77810-2c6e-50cf-843b-a9c2c9e70430", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1dbcc56d-477a-528d-acce-36cdb3412197", "id": "CVE-2021-22060", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22060 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:be7b2fcc-75c4-5a2e-94d8-b24e767a5a0c", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:45fd0a05-8bb4-59bd-aa92-68f2cc9e2b19", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:62ad2483-0d42-5a58-a321-f973e46d5788", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5054b5cc-9c00-598d-8146-8ef507385cd2", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:396ada74-0940-5120-89a1-69b04fa95265", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:65d2efc5-1766-5bc4-8914-fe1effd82f6d", "id": "CVE-2022-22970", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22970 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f657815a-d115-53d2-be92-87c34e9ddb6b", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d50a9a68-34ec-53a0-af2e-f3f265ad3dce", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:53041378-a83b-54cb-801b-c354268a1afd", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:84ed4689-deda-5746-a7d0-72fe26beed31", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d59af967-2f90-5682-b450-89a6469deb77", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f44d32a2-67c2-5a18-96af-c515aa9c953e", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d9a2e0f9-5c00-550b-b1a1-6180d69931cb", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a8bebfce-6e3b-594b-a9f3-ba8c0e825b71", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9fbead0d-098b-5ac5-9d5d-3aee35320c7f", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9e7a2bbc-10cd-58eb-afd3-3b8612bb1368", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:7558b9de-c07c-5566-a9ce-6b13d481551e", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d0fcead3-197d-5f01-9102-2c82f565b397", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:cd6360d8-aa7b-5140-bca9-6b43e5d48b0e", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5ae9d1d2-a259-5361-9bcb-a55bda88a3ef", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:abea36bf-0d00-509a-a34e-800d2a2c4828", "id": "CVE-2026-22740", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-22740 does not affect version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-jdbc. CVE-2026-22740 is a WebFlux-specific vulnerability (reactive multipart temp-file cleanup in org.springframework.http.codec.multipart.MultipartHttpMessageReader / PartGenerator). Spring Framework 4.3.30.RELEASE predates WebFlux entirely - the org.springframework.http.codec package does not exist in this version, and there is no reactive multipart code path. Per NVD, affected versions are 5.3.x, 6.1.x, 6.2.x, 7.0.x only; Spring 4.x is not in the affected range." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9e4bf1ea-367e-5d6f-8b1b-464039a91e93", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2e870202-9227-596a-a2d1-495d9704b096", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:09cf27d5-a49a-5a22-aa6b-e43ecd75a4b3", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f40f46ca-0fdb-5c59-8337-9230e30509d0", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a4a81d2c-bca8-5d55-9d60-88f3eead2582", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:89df9956-04b9-5a3c-bf85-ee73fad8b035", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a2ef3031-1e96-508b-a965-20cf70a69449", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:225b50ff-d667-5160-9c74-ef7dfbc40c39", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:153c3ed3-4f33-5290-a524-5395179b7262", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ef24d160-de5e-583e-bd29-5fa43e83015b", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:79782005-0f82-5a1e-9ab5-4b33f7da6c45", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:0bb8b80b-d2b4-557f-b47e-98ef9502c57a", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:33f98dec-5477-5e0a-a37f-92e0bafd2664", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ebbb6e25-790e-5fd9-b291-aa591e5147b6", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3bce397c-5002-5aac-b67d-40628c86ec59", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.3.30.RELEASE-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.3.30.RELEASE-tuxcare.3" } ] }