{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:dbc25529-401c-53d5-beb8-0298ff6f8e0b", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-framework-bom@4.3.30.RELEASE-tuxcare.3", "type": "library", "group": "org.springframework", "name": "spring-framework-bom", "version": "4.3.30.RELEASE-tuxcare.3", "purl": "pkg:maven/org.springframework/spring-framework-bom@4.3.30.RELEASE-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:e859dfd2-6c9b-522c-8962-5c5796b1b696", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a47ca09d-9c11-57f2-a540-3e70bf256dfb", "id": "CVE-2020-5397", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5397 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3826bfd2-3eab-5f11-876f-bdb6e261c5b7", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9d6fa9a1-a270-5f14-874c-6a18457beb74", "id": "CVE-2021-22060", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22060 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4a09a525-dd47-55dc-8549-1bf567c01432", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b153f5a4-8a35-5a62-9c48-3a80f1d5e48e", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3720a8e2-3cb3-54f3-bd4f-a31861bb2b30", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2d78b171-de8d-554d-bb22-cd5375f13681", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5afc267c-efd4-5e01-b9ea-29eef4e77e85", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f25e15da-9b91-5893-8647-581af041d6a1", "id": "CVE-2022-22970", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22970 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:cd0950ad-0143-5de3-a36c-ea6fd12d4338", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8b8e5729-47a2-5117-864b-847aa0c12b0a", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a994597e-74ef-549c-9ca3-32a6eaae03b8", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c41ea45a-404b-522c-a7c6-1cb18d79c610", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a56a19ec-da74-51f8-acbe-f22836442373", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:11368355-371d-5261-8538-f525eeaf818f", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ca163703-c173-5e21-89d8-2569d639a6f1", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ece9de71-c42f-5438-8283-ccecb2460deb", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:abd85d2f-d351-5c0e-90aa-9cc4c32ede67", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:45553a20-fe17-5eae-81e2-aa37df65b280", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:df657581-3480-59c4-8575-5968aa1d7b25", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8cc0637b-75d3-5fc5-9ad2-f5058fb1b9b4", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e4d60150-adf9-5a0f-96f0-aae4ff1119bf", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c72838e6-7809-5ce5-97a5-d97bbcd68386", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:454e00af-641d-5276-9129-46f3603b7e5d", "id": "CVE-2026-22740", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-22740 does not affect version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom. CVE-2026-22740 is a WebFlux-specific vulnerability (reactive multipart temp-file cleanup in org.springframework.http.codec.multipart.MultipartHttpMessageReader / PartGenerator). Spring Framework 4.3.30.RELEASE predates WebFlux entirely - the org.springframework.http.codec package does not exist in this version, and there is no reactive multipart code path. Per NVD, affected versions are 5.3.x, 6.1.x, 6.2.x, 7.0.x only; Spring 4.x is not in the affected range." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:51e759f2-84dd-5a43-a40a-1ea6be1bd071", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.3.30.RELEASE-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.3.30.RELEASE-tuxcare.3" } ] }