{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3ec29e30-16f4-51c7-9cbb-8f858c8d289c", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-webmvc@4.3.30.RELEASE-tuxcare.1", "type": "library", "group": "org.springframework", "name": "spring-webmvc", "version": "4.3.30.RELEASE-tuxcare.1", "purl": "pkg:maven/org.springframework/spring-webmvc@4.3.30.RELEASE-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:4de4650d-43d8-56dd-8866-9eb3f8ea331e", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3003a74a-8d87-5622-aee6-69560a2de91b", "id": "CVE-2020-5397", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5397 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2201ee33-e1c1-5c30-b0b6-eba9fc82164f", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2ca9cece-ecc1-5e32-9d0f-643f5db001f2", "id": "CVE-2021-22060", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22060 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:523658a3-770f-5968-95d5-2eeef97b67b7", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7e6dca6b-1a0d-58b3-8f4c-378212562747", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:74b8da7d-d2b7-5e7c-aca2-9e0d9c2b39d2", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:57757fc8-c88a-55b8-820c-252f56fda592", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b2ef8841-686b-53aa-ab21-4da3c00329e5", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:22276c82-68f5-5ad0-8ad2-e467e47df024", "id": "CVE-2022-22970", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22970 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b326584e-6f67-5e5d-a046-753854fc35fc", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8edb5cf5-200d-57a5-bde2-99fa6e8aada7", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fa631ac5-25a5-59f4-9380-099f638630e4", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ddd2e678-f61a-54c6-bf0d-9396d8e765ea", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4a7353da-da24-5e42-8d8d-a3948e8e11ed", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:021037ce-6f81-53c4-8997-b458e26c18c0", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ce1c7094-a026-5867-98f0-5ec92a4bd4da", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fd536810-a268-5a86-ac13-5e54751362a9", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:871e539f-dc62-572a-8403-c6311752fc05", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2a9128af-cb86-5594-81ac-03283cde629e", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6c46a660-38ef-5924-b83e-eb52971e60a4", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:de2cf482-e473-510b-9060-c29be5973b5e", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:eab04e8b-a2a0-5bbf-b273-86ed6b5523e3", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:512d90f4-c10f-5523-aa43-d5d9574aa908", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:04d33e17-927c-596a-9410-55013d2827f7", "id": "CVE-2026-22740", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-22740 does not affect version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-webmvc. CVE-2026-22740 is a WebFlux-specific vulnerability (reactive multipart temp-file cleanup in org.springframework.http.codec.multipart.MultipartHttpMessageReader / PartGenerator). Spring Framework 4.3.30.RELEASE predates WebFlux entirely - the org.springframework.http.codec package does not exist in this version, and there is no reactive multipart code path. Per NVD, affected versions are 5.3.x, 6.1.x, 6.2.x, 7.0.x only; Spring 4.x is not in the affected range." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:029b68fe-08de-508b-93d1-787a15afd736", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:64605e8b-8d18-5a28-b0a6-f96126642957", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:733819c8-b167-51ce-bdfc-e061721c87ca", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ca5022c6-c5d5-5dad-bb4e-493d375e8e02", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:dc23ea79-7566-538a-86c3-a9dd7a667fc7", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9fa5ec3b-1024-5131-8f47-c38c04f441a2", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d325c488-b929-5d2c-9d4d-e752031fcba3", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3af4d744-9bd9-5fa4-be99-b6897ec1329b", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:49bf4219-4c45-5f19-9308-9d41fd506e06", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:cdfa8ca4-705d-5a30-8245-7f60e19adaa7", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:917a7f79-2926-5811-b552-c1c389667b62", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:cc1773ea-fadb-54cb-8fbf-241f269473ec", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:abfcc8fc-4347-5e5c-b404-d6b2ed6a951c", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b0db476b-a0fb-5db1-9895-898521acb053", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9bbf25db-8407-5304-8e44-f3c586525715", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.3.30.RELEASE-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.3.30.RELEASE-tuxcare.1" } ] }