{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:86e4a224-93b6-510f-87e1-7c45cd7b45bb", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-test@4.3.30.RELEASE-tuxcare.2", "type": "library", "group": "org.springframework", "name": "spring-test", "version": "4.3.30.RELEASE-tuxcare.2", "purl": "pkg:maven/org.springframework/spring-test@4.3.30.RELEASE-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:30c12609-935e-5910-a80b-cbe8575ee498", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:77875839-95fa-5538-b289-2da584b2031e", "id": "CVE-2020-5397", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5397 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:464765f7-8c69-56a7-b78c-0b40850f0e18", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:daf0477d-7972-5029-bce2-01d50aa88152", "id": "CVE-2021-22060", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22060 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:dfab98d0-bbda-555f-83ca-952df7e8ccae", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f6342407-16b9-5099-8b6b-db428cd5129e", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1fc75807-695a-533d-9792-91bd32cd889f", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0e59e850-c43e-56ba-a45d-734e89ec2830", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7b5f411a-46ab-5391-b187-031a3b056ce8", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:16c3420d-634d-53fd-8e21-676f4e918564", "id": "CVE-2022-22970", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22970 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7de76305-b915-53e0-a59e-0e5bbdf74988", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:36da7576-cdf2-5774-b2a7-8d39fd0548b3", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3c507470-2f1b-5fa3-9622-fdeb287d8460", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:70e2ba59-2fab-5373-9350-75a3460e5bca", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6b2a957d-7ad6-5739-9ac4-bc812b84399f", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d92881fc-a274-590d-be54-dbe182d3ec76", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9631eb2c-4fdc-5831-9597-ea753591f80f", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7fc1c581-db58-5294-8733-6ce612e0b06c", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3a025a95-d406-5982-ae27-722292121e7b", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d747cdfe-607b-5c61-acf0-8de01dcb2772", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7f85a8c8-11bf-5450-96ff-5bcb9aa46e5c", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7c0ee377-1370-5a5c-b0b3-65cb06485232", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:417fdfbb-4af1-54a3-a4fe-2b417fd32b99", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8c30441a-3ca9-5e3c-8f3e-a643a1821076", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f8261056-067c-5315-b188-27191832e1b3", "id": "CVE-2026-22740", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-22740 does not affect version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-test. CVE-2026-22740 is a WebFlux-specific vulnerability (reactive multipart temp-file cleanup in org.springframework.http.codec.multipart.MultipartHttpMessageReader / PartGenerator). Spring Framework 4.3.30.RELEASE predates WebFlux entirely - the org.springframework.http.codec package does not exist in this version, and there is no reactive multipart code path. Per NVD, affected versions are 5.3.x, 6.1.x, 6.2.x, 7.0.x only; Spring 4.x is not in the affected range." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3e413317-c6ef-54a5-893b-bab317a2adf7", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:712fa274-7977-5a73-b48a-030b58467b2b", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0761ed15-910c-5702-895a-49762ba10ec4", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:03cb8b65-1a9c-5a2e-8e6f-e4cbd958e594", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:56567b95-9676-5903-b2a5-f22aa1c77d89", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:11b0e77c-57c1-5265-95e8-00bd1242ae24", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e81f1228-7799-5d6d-869c-8ede23ed2252", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ec59a6cd-7d32-5e44-982a-aade2a6dcb2e", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2b9fd58b-486c-5b98-bb6e-c3aa8b482338", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4e2a8c37-daf7-5c52-af0c-8299db34527e", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:10c7c730-47e9-599a-98e5-12ac7f77f280", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6eaccdff-4472-5012-ae16-117efc711a74", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:af151668-402d-545d-8d63-df4d7e052c5b", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ca3ec0e9-3c42-5522-8c74-64e6c414c0e1", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4fa6c026-06e1-5f8f-b383-96273526e057", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@4.3.30.RELEASE-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-test@4.3.30.RELEASE-tuxcare.2" } ] }