{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:0f16e7da-ea33-5e25-8ce8-d05c57d07392", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-context@4.3.30.RELEASE-tuxcare.3", "type": "library", "group": "org.springframework", "name": "spring-context", "version": "4.3.30.RELEASE-tuxcare.3", "purl": "pkg:maven/org.springframework/spring-context@4.3.30.RELEASE-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:a009d573-aa5c-563b-9e37-e53ab3e520be", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5ca708ae-91d2-5c1f-8d21-e6f7824d79e8", "id": "CVE-2020-5397", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5397 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:02a09a0a-15ca-5c76-859f-66081d7bd4ef", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:feebddbf-99cf-5d3e-b81e-3b1b698571a6", "id": "CVE-2021-22060", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22060 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:986aa154-fcc1-50b9-8630-1e504b2b5739", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:985693ac-0cac-51a4-b576-ae2a17ed45a5", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:08f2bf48-faed-5c9c-ba55-55d74d45a909", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:54fc4aab-5ad1-5f35-8133-2569db13a42f", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:453e46c8-a5a7-5d3d-b76f-5a0bf48b151d", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3f2e399c-7ffd-5026-aa73-57c936208edf", "id": "CVE-2022-22970", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22970 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ed739c14-3056-53d1-b2ba-da2ea4394346", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5dbc7d0a-8259-57b8-8a2e-891f58cbbe52", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:7073b99a-9b3f-5c71-a814-15f792b4322a", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d7c562a4-c2b2-5536-bbd4-67b99df5a2f2", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:eb9da2c2-cd63-5cd7-949d-4bc8fa2483bd", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:595d4e2a-0aab-51a8-ac35-4f0309b3b44f", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3051ae62-5c87-5a9b-8163-84d4b046eb0c", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ee666ad4-653d-5e71-84a9-3518f80851f0", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:40f15903-a083-539c-af03-b242d9d84534", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:65bcc9b8-8840-588a-911f-92be644811c5", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:90304e06-693d-569b-a7a0-3e0f8db13214", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1fe55d74-49b4-57bd-b2ce-fcdba77d9def", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5e184e84-cd88-5d1a-9dbb-7998ec506797", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:af690e4b-116b-5b12-b99c-862ceeb508a1", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:59950fa8-ccb6-50b0-a333-4cb433f70c26", "id": "CVE-2026-22740", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-22740 does not affect version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-context. CVE-2026-22740 is a WebFlux-specific vulnerability (reactive multipart temp-file cleanup in org.springframework.http.codec.multipart.MultipartHttpMessageReader / PartGenerator). Spring Framework 4.3.30.RELEASE predates WebFlux entirely - the org.springframework.http.codec package does not exist in this version, and there is no reactive multipart code path. Per NVD, affected versions are 5.3.x, 6.1.x, 6.2.x, 7.0.x only; Spring 4.x is not in the affected range." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:594cb6bf-83b0-5151-bdb9-0a9302b4a2c7", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.3.30.RELEASE-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-context@4.3.30.RELEASE-tuxcare.3" } ] }