{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:4a040aed-d42a-54c4-bd02-de3bf9bc8f19", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-messaging@4.3.30.RELEASE-tuxcare.2", "type": "library", "group": "org.springframework", "name": "spring-messaging", "version": "4.3.30.RELEASE-tuxcare.2", "purl": "pkg:maven/org.springframework/spring-messaging@4.3.30.RELEASE-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:fe753e68-32ad-5f11-a7e7-e754394ba35c", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1ce0adb0-1942-55e7-8352-2137490bf0c1", "id": "CVE-2020-5397", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5397 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2adbad72-0b69-5b6a-857a-0baf493da144", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9b005a29-e7cf-5b48-8cbf-1b6c11c2e790", "id": "CVE-2021-22060", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22060 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2c8dfe97-db5f-5661-918d-dfbd9ce4047e", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4f735dcc-0a41-52ef-b1a5-0f5200d44a97", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8eb39591-1ae7-5ab4-a6ff-fefc70b967db", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b1a58bab-5a61-56d2-b9eb-5dd3f7e77e26", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1e94bc3b-5204-5120-a021-4c58b69ca6f9", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e0a80a8d-a2d3-5e1d-a812-157f69d6384d", "id": "CVE-2022-22970", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22970 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:717e8707-4bfb-5d00-aef1-a26474e14d4e", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:73b4f053-78b2-56f4-8055-91caa09ae273", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5214ab6e-9d1f-5dd0-8b66-16e6b9f93a34", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fd8ec350-eba2-5d2d-9eea-3efa16306a9f", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:50576762-52a8-534c-921e-53de2a7e87df", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d8eb9d32-858e-5935-9698-9e6aec0af0f6", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0d1f4575-34d9-5a79-a5ff-eaadfe0149b5", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9cacb534-ef03-5a1e-a34c-f261130b20a7", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6bd31e07-35fc-5e3b-baee-ed1b68eb0edd", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fee8adb6-e72b-5602-8611-2c459690c713", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f6e77002-1a9d-5a01-b1e5-572f2eae6b2f", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4f8920fa-ad5c-5eed-bd31-f5b492e7e05f", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:acf71e3a-2d8a-55c9-a4a0-8ff75cf36c69", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:97e46dda-a1f3-570e-a6f1-811850913d0b", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1ef0a74e-3ab1-5978-9294-c4067ccbf1ad", "id": "CVE-2026-22740", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-22740 does not affect version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-messaging. CVE-2026-22740 is a WebFlux-specific vulnerability (reactive multipart temp-file cleanup in org.springframework.http.codec.multipart.MultipartHttpMessageReader / PartGenerator). Spring Framework 4.3.30.RELEASE predates WebFlux entirely - the org.springframework.http.codec package does not exist in this version, and there is no reactive multipart code path. Per NVD, affected versions are 5.3.x, 6.1.x, 6.2.x, 7.0.x only; Spring 4.x is not in the affected range." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1f6c1057-fd0f-52e5-990f-63ebc6cac8b1", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:63b92630-202d-5e17-84d5-5df47f26c738", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8a3f6821-51b9-5616-8841-ff598647774a", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:80df384f-2017-5ed4-9059-82373b4024db", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:58d63f95-9a3a-5fa6-823f-a6b5862a5361", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:870bf4ad-bddf-5800-9f0a-d4dba6ea3aa6", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8c1dbef2-30a3-5eb9-8fab-1161490a6d1c", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1163d29e-2778-5ecf-aa60-774e97aa0caa", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:535c4325-e3f2-596f-8e7b-407ccf2ba525", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:18b86c45-770d-52ba-b66a-cd087d836eff", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:27b084ba-7fb3-5751-bcb1-4debec45081d", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:934c2fcd-152b-58c4-a11c-83251052ff55", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:276058ac-1caa-5650-aed6-1975d192ce64", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:32d27ebd-7a2a-5889-a9bb-c7e26c2a43a5", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3f983386-1a4c-57b4-a9aa-d9f7153cb64a", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.3.30.RELEASE-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.3.30.RELEASE-tuxcare.2" } ] }