{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:7601918e-d423-58d8-9d15-d21f066ee5ce", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-web@4.3.30.RELEASE-tuxcare.1", "type": "library", "group": "org.springframework", "name": "spring-web", "version": "4.3.30.RELEASE-tuxcare.1", "purl": "pkg:maven/org.springframework/spring-web@4.3.30.RELEASE-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:0a829796-b6a0-5cbf-ae79-d07f948119aa", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4561ba04-970f-56ce-af5e-39a2940e1966", "id": "CVE-2020-5397", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5397 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:19a42e17-9eb3-50ad-8d26-3d8f1e0075ff", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:597892e5-6417-5cd0-9c33-4235ab483c6c", "id": "CVE-2021-22060", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22060 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1fbc386b-713f-5f9d-af9d-7bfee37d7395", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0618fdbb-659b-54cd-afca-075c12ad2af6", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c9ef4030-7aec-5e7a-ae5c-a2251160aaf6", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3af08121-c361-5afa-b4d1-b7cee1cb1606", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:248a1108-fbef-5ea0-8343-4ee8800f4577", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e9ab3e04-aaf2-54f8-b9b8-edaf0d19b006", "id": "CVE-2022-22970", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22970 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d6bdc33c-66f0-5f8b-a7b2-205af75fde91", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:dea51a94-137e-598c-a5d5-6d50b7f3e09d", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fdfa0e2b-82b5-5be2-8962-6f29f10f0233", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:56ab5e1d-db1d-5813-aab2-801a8379053f", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e6c17d34-aaea-5186-88e8-f8fa9f871624", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:205ae307-61fa-50e9-bdce-262a0cfad95d", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5507c5c5-4fcf-5a5f-8146-0be2b7daf70d", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c2336adf-edb1-55ba-beb0-7b243c3487e9", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:82a2dc8e-ea4c-5d3c-8844-3fa45469cd8c", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:46f5ea1c-8733-5a4a-b72e-151414b18040", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:81e68c4e-7cd3-5150-9887-b3043dd05744", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9fcce27b-c2c0-5a62-8b13-dfb8e67c2c4a", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8b24bfb9-0102-5a32-9608-ce5257542a94", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4d75265e-ce68-5a23-934b-094254d69be7", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2dbf9571-6740-57ac-8f46-d8c9489ff9cd", "id": "CVE-2026-22740", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-22740 does not affect version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-web. CVE-2026-22740 is a WebFlux-specific vulnerability (reactive multipart temp-file cleanup in org.springframework.http.codec.multipart.MultipartHttpMessageReader / PartGenerator). Spring Framework 4.3.30.RELEASE predates WebFlux entirely - the org.springframework.http.codec package does not exist in this version, and there is no reactive multipart code path. Per NVD, affected versions are 5.3.x, 6.1.x, 6.2.x, 7.0.x only; Spring 4.x is not in the affected range." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c2fa42c0-cc49-5b9e-99c2-025d008a52f1", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0febc223-dcd9-54b2-94eb-0920b5e5e2aa", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a625271c-5ea6-5570-a79e-55447f5d0ade", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e29c7e45-c12a-5d03-b446-254bbc8c6be8", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b5b34d57-efff-595e-8886-0a8058b8754c", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3df5f12b-6ed4-5d19-98e2-ce278bc65705", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e6abe5be-c7e3-5137-a17e-38d0ff59215d", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e7ae67fe-bc8b-58ae-a373-292a4e41d251", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:af607a39-5fe3-58ef-9b22-84ab5e4bb98e", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ad2c2f9b-2c27-51c5-8754-aecdc70edcf5", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:dda4198b-39d8-5b77-a805-9da512efdd0a", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:94829629-dd91-581c-bbff-3495393a1e49", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6b39ef7a-643d-54a6-b698-8b5e202ab284", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3c2afe26-3b40-5782-9a33-eafe53028c2a", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b0bc113f-ae37-5161-b073-a12a33b7f78c", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.3.30.RELEASE-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-web@4.3.30.RELEASE-tuxcare.1" } ] }