{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:e1b46388-1471-57ec-a97e-585ba00763cb", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-aop@4.3.30.RELEASE-tuxcare.3", "type": "library", "group": "org.springframework", "name": "spring-aop", "version": "4.3.30.RELEASE-tuxcare.3", "purl": "pkg:maven/org.springframework/spring-aop@4.3.30.RELEASE-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:5f1cb091-5d16-5ca4-ba0f-70f772566631", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:89a6883a-81c7-5252-ab6a-2aff71dafedd", "id": "CVE-2020-5397", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5397 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:94df5e1d-61c9-5b3d-954d-2aa85b349f6f", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c0220ae3-27fd-57b1-a231-5a118a48a994", "id": "CVE-2021-22060", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22060 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:60341e94-3909-588a-a797-26be7bd9c2ee", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:90868020-0622-5aa3-81cc-14b74ac62c20", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:7bb8ba69-b006-505e-9564-d836d8db9403", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:85ec910a-3693-5ba6-9953-295a01c63387", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:36f4c440-5b8e-5ccb-badd-e53538d0dc7d", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:efec44f5-5ed7-5649-bc8e-49af5f975d93", "id": "CVE-2022-22970", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22970 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c10d3cda-f38b-5cf7-9aef-bf282b47f8f8", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:700410ae-2f8f-5a73-a344-f2034820f3eb", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:23c92f0b-0b1a-59ca-bc63-df7a904ccda5", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:aaf5b088-44a6-5000-aeb7-3f5d3f4bab1d", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3ca8150d-de65-5336-b786-72a2234c0627", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9607c69b-43b7-5a56-bc53-f7595a81303a", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:56c54066-5985-50b9-83ea-da38c0919936", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3eb7643e-7387-56a9-a37f-2b0398cccf3f", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:eeacc7bb-e55a-5aca-82ce-438d97ee4f96", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a17be785-397e-54c9-896c-cf4f435d2069", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:423ccaf5-d743-5646-bd6a-b8cc94bc1ed8", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:71c24429-b6ee-59ca-a1e5-ea51d63ca8f4", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6d21acda-6097-5458-b000-c8c29cb9690f", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d5ef63db-10bb-579a-9c9c-96f0fbac62b3", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:89cbbc1b-e36a-5335-bc0f-bca8ed8db86c", "id": "CVE-2026-22740", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-22740 does not affect version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-aop. CVE-2026-22740 is a WebFlux-specific vulnerability (reactive multipart temp-file cleanup in org.springframework.http.codec.multipart.MultipartHttpMessageReader / PartGenerator). Spring Framework 4.3.30.RELEASE predates WebFlux entirely - the org.springframework.http.codec package does not exist in this version, and there is no reactive multipart code path. Per NVD, affected versions are 5.3.x, 6.1.x, 6.2.x, 7.0.x only; Spring 4.x is not in the affected range." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:cb17cf62-c28c-56e1-80b0-56a09baf378b", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@4.3.30.RELEASE-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-aop@4.3.30.RELEASE-tuxcare.3" } ] }