{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:a0e43ee1-9920-5115-9bcc-c2e9240889fd", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-context-support@4.3.30.RELEASE-tuxcare.3", "type": "library", "group": "org.springframework", "name": "spring-context-support", "version": "4.3.30.RELEASE-tuxcare.3", "purl": "pkg:maven/org.springframework/spring-context-support@4.3.30.RELEASE-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:2ba9470d-4b58-5056-965c-c84fc4105cda", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8638f32e-3879-53bb-aec1-4acc046e05dc", "id": "CVE-2020-5397", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5397 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b6d3aebf-d31a-5a62-bfe1-bba3d99d232e", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:66dd75e7-7edb-5f27-bba3-bea63bdf8a00", "id": "CVE-2021-22060", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22060 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ce186af0-df4e-5c12-80d9-0c8dd4d40b52", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:cf107e4e-0833-559e-9d4a-cf56d0b76c97", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:26a514d8-87b7-5901-b729-a4d262694831", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6a006d19-b08a-5d6f-a398-739972505490", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:812fe6e8-389a-5bdd-be68-7ec3e9ab5dd3", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ca05a1eb-a15d-52e6-b124-ff64359317fb", "id": "CVE-2022-22970", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22970 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d4819f2c-d058-51b4-a05d-42634cc3078b", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:06d8e393-6d0c-5bf9-9c9a-d80ceecff9a6", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4d058c1d-bce7-505b-b848-1d05929b83ae", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:50f14283-cf0b-5244-a51a-c4addc5700e8", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6f81dfbd-86e7-55e9-b9ec-a3572019c3b8", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:597ac712-5562-5025-b629-faf5ef1b5f0d", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e90ee528-ce61-54ac-ab7e-66d2d6feb932", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:900daa43-5bea-525d-9b3b-e8ef177af6e6", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9dfa032f-db5f-504d-a702-f8c4bf754739", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e86e3b40-0e20-56c3-a9d2-6a4a16099b90", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c4e62e35-dca4-51f0-bfe4-999c863fbe71", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4aca997c-bb5c-50a0-b540-da02aedcfb9c", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5d0f3d0b-5f9d-5584-94de-b4997917a97b", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:030b032e-afce-546f-85c8-26cd4ce7a7de", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1e260faa-422d-510a-ab27-f8346e9cca02", "id": "CVE-2026-22740", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-22740 does not affect version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-context-support. CVE-2026-22740 is a WebFlux-specific vulnerability (reactive multipart temp-file cleanup in org.springframework.http.codec.multipart.MultipartHttpMessageReader / PartGenerator). Spring Framework 4.3.30.RELEASE predates WebFlux entirely - the org.springframework.http.codec package does not exist in this version, and there is no reactive multipart code path. Per NVD, affected versions are 5.3.x, 6.1.x, 6.2.x, 7.0.x only; Spring 4.x is not in the affected range." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d8fdd580-a57b-592f-b39a-cbb59cb00a8f", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.3.30.RELEASE-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.3.30.RELEASE-tuxcare.3" } ] }