{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:507c1c4a-b576-5a6f-94fd-cb547eb5f5e1", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-oxm@4.3.30.RELEASE-tuxcare.1", "type": "library", "group": "org.springframework", "name": "spring-oxm", "version": "4.3.30.RELEASE-tuxcare.1", "purl": "pkg:maven/org.springframework/spring-oxm@4.3.30.RELEASE-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:93674fbd-d72d-51bf-8d95-f59f44cb1f42", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ff5a0eb7-e63d-5d85-9828-6c1eb5886ef8", "id": "CVE-2020-5397", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5397 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0ddf727d-0267-5b85-bb74-db3673bb6bc7", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4795c686-dea2-5530-ab9f-4492e2a1c120", "id": "CVE-2021-22060", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22060 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c4180aae-4407-56aa-9fb8-9dfb272f5435", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8efb6ab5-6042-5562-b1cd-e850150713c0", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5d1d864e-8668-590e-b24e-f4f2a044beb9", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e19116a1-d9f7-58ca-8126-17d9581e6f02", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:847d887b-7f4b-5f4d-9108-2dae3ecd598d", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:953d357d-79d6-5993-82aa-5727b509c046", "id": "CVE-2022-22970", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22970 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e223e558-6a38-5024-9c15-8e8fc54e5a3c", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:407ad042-9a32-5251-b1e1-43df4f25c517", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:cffde7f3-d313-59b3-b73d-cd838aadf79f", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:87faec0c-cf5f-5b5b-97e8-05891b0c0332", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:333f30aa-f229-5eaa-9875-41f35b86bf24", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:81080332-8211-5183-aa8f-7e4e854e19f4", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8bef24c9-b6c6-5faf-a810-9bf333ac239b", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:08e18214-1792-5ef0-ac28-ce32b3fd7c5e", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:425963ff-daf0-5b9b-a4d5-e3c57286449e", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:bd11fe5f-359d-520d-83df-3756252325bc", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2ba25f59-8254-56b5-abc2-7dcd073f86a3", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6efb0359-4b97-5330-b894-6c1388b61ee0", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a6156fe5-31da-5df1-b433-7e7b57ee682d", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e52dc238-52a5-546c-a817-13cb6b3ac451", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:180c248d-db97-5cef-9f66-ad012ba1e9f2", "id": "CVE-2026-22740", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-22740 does not affect version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-oxm. CVE-2026-22740 is a WebFlux-specific vulnerability (reactive multipart temp-file cleanup in org.springframework.http.codec.multipart.MultipartHttpMessageReader / PartGenerator). Spring Framework 4.3.30.RELEASE predates WebFlux entirely - the org.springframework.http.codec package does not exist in this version, and there is no reactive multipart code path. Per NVD, affected versions are 5.3.x, 6.1.x, 6.2.x, 7.0.x only; Spring 4.x is not in the affected range." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f2ac8532-db3f-5a6e-a4b3-c433d8dea6c9", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2750568c-738b-502e-a903-b711627a13e1", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:336cf017-9849-515e-bf37-df50063a4dd0", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:73efa0f3-6eea-5765-ba0e-cfd29633ee06", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:39f1cfa6-fe88-5df9-a133-f707f64ce8b2", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ca813876-968c-505e-a2b9-51b0e9e794c8", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1895b1a3-caad-5000-ae4b-9c759ead7565", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4268a57c-3e4d-57cf-9a1a-0c42fdecfa45", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:73a50d6b-7c7e-5710-81c0-b71ed02e739b", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ba08c772-5bf6-5b62-bc77-9d80518f2579", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:256cc4d6-0a6b-59a2-9757-6a0ccd0ce045", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1e089d61-caa3-51d4-992e-2639cac00518", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7f8868c9-c4b7-5e8e-a581-452eb4c93fa7", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:728a525c-15bb-51da-8ab1-c465e1478039", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d29b8778-71a7-5855-a150-cbffab5a408f", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@4.3.30.RELEASE-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-oxm@4.3.30.RELEASE-tuxcare.1" } ] }