{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3d5f2661-429b-5499-8986-150358c6f2e3", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-oxm@4.3.30.RELEASE-tuxcare.2", "type": "library", "group": "org.springframework", "name": "spring-oxm", "version": "4.3.30.RELEASE-tuxcare.2", "purl": "pkg:maven/org.springframework/spring-oxm@4.3.30.RELEASE-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:ba269d31-99ca-5c77-be63-4a4416c9536e", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0dfa0607-65a3-5460-8355-d9278e1c51f1", "id": "CVE-2020-5397", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5397 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ba5640d8-ad4c-5728-9163-2d01dc5f618e", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2c3590fa-e4a5-504c-b243-de72f4cda2df", "id": "CVE-2021-22060", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22060 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7a9bd333-d76e-5e36-b3bc-fc3e06a26908", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e7213362-5563-56c2-b960-ef915f8057e5", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8962408f-a1f3-5f8b-bce5-62478e2884e4", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:66c17038-fe60-5233-9dd7-bc8c1746347b", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e61057ae-3e1d-5ff3-99a2-21b9504a1a46", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d294ab34-738b-5e99-a6f2-319aa6c40d7c", "id": "CVE-2022-22970", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22970 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f073aa9e-c1ed-50fb-a39a-f538eae64072", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:541a3fb8-c4ca-5e64-bae7-29f81a0caa3a", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2d2f8f3a-6337-5cdc-9108-12325aba92ed", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5c6d9009-5dea-5c71-a909-be80a9b5e978", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ee2dfbde-00d7-5d3a-8785-d559742b1a3f", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0aaeaaf1-0d41-53b6-998d-02b71c7c0850", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5773fb6c-679a-5aad-b1d8-6707334562ca", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d2c2644d-5d02-5a82-b666-dabd35d7d626", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b8f2ab3a-3d43-58e4-8112-8d446d6b746c", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8668d577-b4b4-5c03-9a2e-cd1473f98526", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c8c695d2-0824-50b1-b4e4-c853caefb144", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:40dc64d6-5a85-5efc-ba61-275d63a3a5a6", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3aadf4e7-6680-59e2-9bf3-6125bea582c0", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5e18a99b-2588-5857-b7fa-794aa4235761", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2c0b6fb4-7ec8-56d8-b682-592f6066b611", "id": "CVE-2026-22740", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-22740 does not affect version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-oxm. CVE-2026-22740 is a WebFlux-specific vulnerability (reactive multipart temp-file cleanup in org.springframework.http.codec.multipart.MultipartHttpMessageReader / PartGenerator). Spring Framework 4.3.30.RELEASE predates WebFlux entirely - the org.springframework.http.codec package does not exist in this version, and there is no reactive multipart code path. Per NVD, affected versions are 5.3.x, 6.1.x, 6.2.x, 7.0.x only; Spring 4.x is not in the affected range." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:37f218f3-9ffa-50be-a5bf-1a2d455e8f1c", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:53ff7061-20a2-534d-959a-d77453cec0e8", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c69ecbbf-6331-527d-94aa-fbe9f55cb7cd", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b5d1e160-cbaa-5d70-8419-21cb9d57cf94", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:de4bf957-3cfb-520e-abab-476830db3e84", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a3011fb4-5b90-5470-8de6-3b179331969a", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:17c7bf2f-a66c-5f47-88e7-bf3e7ddf8465", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:95096f4c-9eea-5a94-9b34-bfab9f7a926d", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4308933d-e408-5bfb-a603-a8b2170da1a1", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:feeef4f8-beca-569e-8474-a5826f1f1098", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2057e6ca-7ac2-55d6-bbf0-21fb4316523b", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3130ae05-4193-54d7-8e76-24d6ab01b625", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6ee4ef4d-82a6-5966-a4bc-d599183b90b0", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4111c3e7-a50e-56b1-901c-444c7080b376", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c4d8149d-c905-5146-8bb9-fb46a4184a3c", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@4.3.30.RELEASE-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-oxm@4.3.30.RELEASE-tuxcare.2" } ] }