{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:48ee2fe4-2b20-5cc7-8532-cdeb1c3a7130", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-messaging@4.3.30.RELEASE-tuxcare.3", "type": "library", "group": "org.springframework", "name": "spring-messaging", "version": "4.3.30.RELEASE-tuxcare.3", "purl": "pkg:maven/org.springframework/spring-messaging@4.3.30.RELEASE-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:86beb658-324b-5f42-8971-a7486a612b38", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2b03d411-8a75-5d3e-b6c0-8d9055f6d40d", "id": "CVE-2020-5397", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5397 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:30d445a1-7f92-5904-a480-3b8327f12538", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e6e191fc-d4bc-521c-89df-9e7a363acf67", "id": "CVE-2021-22060", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22060 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:0cf3341e-bea5-5eff-8926-1e0a9f06bf55", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:477ab1ce-4a1a-51fa-8f01-7bee95d4f907", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:78401d35-2a99-553b-a48a-b0444c9c05b7", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:0f0c2301-ade6-5d0e-ba01-760b17e47106", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e42c3469-6ec1-57b7-b95f-93b12448f7be", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ce32d249-3e76-5b4e-b021-c7ab90cacb30", "id": "CVE-2022-22970", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22970 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:891087a3-f68b-5513-ab8f-fe9483de5222", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e44a960f-8aa8-58a8-bb8b-48d857635250", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5047cfcd-4a70-56d9-a0c9-fac3ce3f045c", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6b4c5aaa-e327-55de-94d7-07bee6e94b79", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1f5ffad7-1664-5586-98cc-27cf74c74917", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8f5d471a-28fc-5b99-8e8e-4cc16b9777bd", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a125e807-ab14-5e17-916a-f03c3b0cd99b", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ef9c7250-37be-5797-a916-d0d2f2053acb", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1693b4f6-4d53-524c-b295-81fbbafbea26", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b1b65c7c-403e-59a7-90c6-a4f87891580d", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:05212911-f07a-539b-a2b8-5297ee9fdaf5", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f63e1921-edbd-5c80-bc12-edbdbd0e0dd9", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e34c986c-184e-5797-88d6-db44cba569fa", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:fa7d782b-1e73-5807-891e-94fdc3743a1b", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:50760334-956e-5365-be4a-8df8b2731759", "id": "CVE-2026-22740", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-22740 does not affect version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-messaging. CVE-2026-22740 is a WebFlux-specific vulnerability (reactive multipart temp-file cleanup in org.springframework.http.codec.multipart.MultipartHttpMessageReader / PartGenerator). Spring Framework 4.3.30.RELEASE predates WebFlux entirely - the org.springframework.http.codec package does not exist in this version, and there is no reactive multipart code path. Per NVD, affected versions are 5.3.x, 6.1.x, 6.2.x, 7.0.x only; Spring 4.x is not in the affected range." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:81898a8a-19b3-51d8-9aeb-0be65ff372a8", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.3.30.RELEASE-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.3.30.RELEASE-tuxcare.3" } ] }