{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:f1e8f5b4-da10-5abb-954a-eac536cee1d2", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-jdbc@4.3.30.RELEASE-tuxcare.3", "type": "library", "group": "org.springframework", "name": "spring-jdbc", "version": "4.3.30.RELEASE-tuxcare.3", "purl": "pkg:maven/org.springframework/spring-jdbc@4.3.30.RELEASE-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:2ade279a-6139-5379-a2a0-3080e3b61ffd", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4960c099-78fd-568f-8299-33a3545933f3", "id": "CVE-2020-5397", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5397 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:14a77810-2c6e-50cf-843b-a9c2c9e70430", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1dbcc56d-477a-528d-acce-36cdb3412197", "id": "CVE-2021-22060", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22060 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:be7b2fcc-75c4-5a2e-94d8-b24e767a5a0c", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:45fd0a05-8bb4-59bd-aa92-68f2cc9e2b19", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:62ad2483-0d42-5a58-a321-f973e46d5788", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5054b5cc-9c00-598d-8146-8ef507385cd2", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:396ada74-0940-5120-89a1-69b04fa95265", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:65d2efc5-1766-5bc4-8914-fe1effd82f6d", "id": "CVE-2022-22970", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22970 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f657815a-d115-53d2-be92-87c34e9ddb6b", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d50a9a68-34ec-53a0-af2e-f3f265ad3dce", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:53041378-a83b-54cb-801b-c354268a1afd", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:84ed4689-deda-5746-a7d0-72fe26beed31", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d59af967-2f90-5682-b450-89a6469deb77", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f44d32a2-67c2-5a18-96af-c515aa9c953e", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d9a2e0f9-5c00-550b-b1a1-6180d69931cb", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a8bebfce-6e3b-594b-a9f3-ba8c0e825b71", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9fbead0d-098b-5ac5-9d5d-3aee35320c7f", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9e7a2bbc-10cd-58eb-afd3-3b8612bb1368", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:7558b9de-c07c-5566-a9ce-6b13d481551e", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d0fcead3-197d-5f01-9102-2c82f565b397", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:cd6360d8-aa7b-5140-bca9-6b43e5d48b0e", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5ae9d1d2-a259-5361-9bcb-a55bda88a3ef", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:abea36bf-0d00-509a-a34e-800d2a2c4828", "id": "CVE-2026-22740", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-22740 does not affect version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-jdbc. CVE-2026-22740 is a WebFlux-specific vulnerability (reactive multipart temp-file cleanup in org.springframework.http.codec.multipart.MultipartHttpMessageReader / PartGenerator). Spring Framework 4.3.30.RELEASE predates WebFlux entirely - the org.springframework.http.codec package does not exist in this version, and there is no reactive multipart code path. Per NVD, affected versions are 5.3.x, 6.1.x, 6.2.x, 7.0.x only; Spring 4.x is not in the affected range." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9e4bf1ea-367e-5d6f-8b1b-464039a91e93", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.3.30.RELEASE-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@4.3.30.RELEASE-tuxcare.3" } ] }