{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:97afe4ee-d8c9-5796-a0ca-a0c9f68de5eb", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-test@4.3.30.RELEASE-tuxcare.1", "type": "library", "group": "org.springframework", "name": "spring-test", "version": "4.3.30.RELEASE-tuxcare.1", "purl": "pkg:maven/org.springframework/spring-test@4.3.30.RELEASE-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:428b843d-6748-5966-9279-841a5bc7b530", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:172f0f64-4c85-557b-9f20-1eb696695c7d", "id": "CVE-2020-5397", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5397 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:47c9b310-000a-553c-8820-93d62768a2b4", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e04b1093-5f6b-59b1-8f23-03b29e78b07c", "id": "CVE-2021-22060", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22060 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:870db7f0-9912-5f4c-ab56-15bf1686d171", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3dccbaad-95fb-57c3-8b0c-34d7cf6c0c7e", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:348abecb-ac9b-5430-9bd9-dddb08c1a85d", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fbfe24f0-d351-57ad-94e6-8608fed10ebb", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ab5756c4-155e-5c71-85e4-c500de71f569", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0fb49194-0f84-516c-a20b-e4adf9d869af", "id": "CVE-2022-22970", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22970 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:89ae804e-ed24-5572-bfa5-542a6c96a89e", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7c0d9b7a-5e36-5dfa-9302-1ff93f9ac80b", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f30861b9-5d35-57ed-aedd-8b963467dd5f", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a043e958-bdd7-5f4e-b179-20ce2ef8115c", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3f316d4e-f198-5585-964c-1962790e1d77", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:bdb116d1-7e86-59aa-876a-f3ee643ea5e6", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7e92f078-e419-5b4c-bb20-b1a541615649", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b4543e8a-b0f2-5694-90e7-5cbb03624025", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b9cc4d0d-bd45-5234-a0b5-a172ecb98768", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:95cbb377-b54b-518c-bd48-53ade9cefa92", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:39333483-783b-56ff-94e7-05c6dc4fa813", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:62d4c00f-c0e7-5414-90f9-2eae56a53f06", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f79b01d8-9a61-5b20-a906-e7833436a6c3", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3cdcaea7-e76c-54ae-a760-17eac45d1c77", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a042591c-3cc1-510b-a6a5-0d2ef0b1d61e", "id": "CVE-2026-22740", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-22740 does not affect version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-test. CVE-2026-22740 is a WebFlux-specific vulnerability (reactive multipart temp-file cleanup in org.springframework.http.codec.multipart.MultipartHttpMessageReader / PartGenerator). Spring Framework 4.3.30.RELEASE predates WebFlux entirely - the org.springframework.http.codec package does not exist in this version, and there is no reactive multipart code path. Per NVD, affected versions are 5.3.x, 6.1.x, 6.2.x, 7.0.x only; Spring 4.x is not in the affected range." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:15cddf77-19dc-55f1-b183-13aab5adc300", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:720a2d49-6574-5fba-8d09-455c3342ec85", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:083a6d81-283d-5a52-9fe5-07e3a35d616d", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:92fec438-7fd6-5472-9ef4-9b64fa3b124e", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f22a3106-ff9d-5263-a70c-5d1010444aa3", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:90ffff69-a9bf-5792-82c2-c78cf76b7a3c", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:36fd9f86-2869-56a4-a849-54f221b712cb", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:dcbe6342-4672-52d3-ad6c-c571d186ef10", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:66645cbd-f19a-50c8-9026-969ce011614b", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e9470cf9-2988-5e3d-9a5c-307e06b5d1f5", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:bb464dd6-8335-5690-9a87-6d0389794706", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5afefe3a-d964-5b77-af00-5a21bcee47f3", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fee7a654-a424-5764-9db7-f9f162226e43", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fccb19c8-ff0c-57e8-9abf-19eda8a0cfa5", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:258843eb-a709-5f08-b3e0-269a84883199", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@4.3.30.RELEASE-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-test@4.3.30.RELEASE-tuxcare.1" } ] }