{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:a90127cb-162a-59ff-8c88-917e9c8f0944", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-oxm@4.3.30.RELEASE-tuxcare.3", "type": "library", "group": "org.springframework", "name": "spring-oxm", "version": "4.3.30.RELEASE-tuxcare.3", "purl": "pkg:maven/org.springframework/spring-oxm@4.3.30.RELEASE-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:9246caff-0aa2-5249-92d5-9d938fa8a2ec", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:00f39132-e426-540d-af25-bfa275c40e02", "id": "CVE-2020-5397", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5397 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:91fad30a-edc4-5287-ab1b-2d2e57f36a00", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8037d3e5-5b1f-545d-8ad2-a1d5b45c8bf9", "id": "CVE-2021-22060", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22060 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e2cc65a6-7f62-5081-a85d-c9943484fc26", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c89d62c1-ecfd-5e05-be19-8f41285afa03", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:eb766550-fb27-5255-b24e-931249f870ad", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:53e8c22c-b9c2-533f-a4b5-e3824fbb7491", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e0cd32f4-744c-5eae-9b41-9c6f9cbc2d2c", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d62f442b-a291-5551-a142-36a36fbdb875", "id": "CVE-2022-22970", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22970 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:7468715b-135c-5a80-9d52-82ee8bff1a2c", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f01edb30-5e4e-50bc-93ac-6255db262f24", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:41ef399e-87b9-5e0e-8269-4201912dfeee", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1b9aae92-bc31-5849-b15e-45143931e8be", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6166b1fb-32c5-59ad-b49b-f18f8e8a1a7f", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8f78fb81-905e-5c1d-85cd-5e88525fd575", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:fd0a844d-bf25-5831-b38c-a0c3e7c54f94", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:74886376-7c1e-508b-b6f6-1d1607321e90", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:50ebdc1c-df16-55f2-8a39-3269fb041214", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b690ff17-6697-5fb2-998e-5b7500664064", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1a327c82-4da2-54fe-ac88-6a92747ee9a8", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ffab9638-c947-5ed8-af78-8f871dc6439e", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:92d1137b-7eb7-58b4-bd98-51c5d1176da2", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:16d8cc18-4191-5122-948c-ee1f2d5eda36", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:109428c1-10d5-5d23-ace1-b9091c08cc84", "id": "CVE-2026-22740", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-22740 does not affect version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-oxm. CVE-2026-22740 is a WebFlux-specific vulnerability (reactive multipart temp-file cleanup in org.springframework.http.codec.multipart.MultipartHttpMessageReader / PartGenerator). Spring Framework 4.3.30.RELEASE predates WebFlux entirely - the org.springframework.http.codec package does not exist in this version, and there is no reactive multipart code path. Per NVD, affected versions are 5.3.x, 6.1.x, 6.2.x, 7.0.x only; Spring 4.x is not in the affected range." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6698e0a2-7cc4-5d39-8210-ca710bd8c9aa", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@4.3.30.RELEASE-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-oxm@4.3.30.RELEASE-tuxcare.3" } ] }