{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:50a31246-286e-5f38-b837-a8c19e342531", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-beans@4.3.30.RELEASE-tuxcare.3", "type": "library", "group": "org.springframework", "name": "spring-beans", "version": "4.3.30.RELEASE-tuxcare.3", "purl": "pkg:maven/org.springframework/spring-beans@4.3.30.RELEASE-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:82fb226c-2593-5046-a1dd-bccbd02e9a3f", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2a63022c-3822-51d1-bf30-85da056e5ed0", "id": "CVE-2020-5397", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5397 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8f0d80dc-8cc6-5f44-9c40-e16aa7cef3f6", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d892e1df-fd4f-5ab4-bd56-40cd8b1ad0b0", "id": "CVE-2021-22060", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22060 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e38ecf89-659f-5dcd-adea-c80c726b6981", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a283f1f3-6cf4-5c55-bdce-52ab8fdf1228", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:0caf2c65-b603-5cee-83fb-f3feec8d490d", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4ce62c69-9a9e-5fe5-bbf9-4bcea8ec6628", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:396b2ed4-497e-550d-ad30-9a0de8e42e24", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b783a555-7bca-5520-a26f-1a94cfdfbea6", "id": "CVE-2022-22970", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22970 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:89ebeefc-b201-58b4-a43e-bbe3af115123", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c97308a0-8d76-5b89-b7c9-e5461d264ecb", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:399b21fa-4953-5410-86a2-a846878520d2", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ceaf9733-c3ca-50cb-b8bb-bd50b6e23a1c", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1f946048-4908-596f-aae7-801c5afbae01", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:98842b06-2d1c-5610-b9be-14e6b2bf7b3f", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5a0f7194-85ac-5594-8a49-0ae649bc89e0", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:473ef549-a315-5571-a6fc-1cc333b359fd", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:0e7a3fcb-ee3b-54f5-bf65-2c9752c875d9", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:419e07d2-d283-51bd-ac6a-222a3406ce92", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:45209b64-2de8-5f0d-834a-de701192b06a", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5a81bcfa-5a7d-5af8-a1e6-1a1ad431d284", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4529ab7f-a9a7-5805-921b-84b6a579d069", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f8d37d5a-92ec-5668-8868-2ae8e08f8660", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:38532a62-6d1f-581f-b874-bc473f7b443c", "id": "CVE-2026-22740", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-22740 does not affect version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-beans. CVE-2026-22740 is a WebFlux-specific vulnerability (reactive multipart temp-file cleanup in org.springframework.http.codec.multipart.MultipartHttpMessageReader / PartGenerator). Spring Framework 4.3.30.RELEASE predates WebFlux entirely - the org.springframework.http.codec package does not exist in this version, and there is no reactive multipart code path. Per NVD, affected versions are 5.3.x, 6.1.x, 6.2.x, 7.0.x only; Spring 4.x is not in the affected range." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:781105dd-0a41-5e45-bf0b-49d817026d64", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.3.30.RELEASE-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.3.30.RELEASE-tuxcare.3" } ] }