{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:f770447a-70d4-5975-880c-8a5b66107097", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-test@4.3.30.RELEASE-tuxcare.3", "type": "library", "group": "org.springframework", "name": "spring-test", "version": "4.3.30.RELEASE-tuxcare.3", "purl": "pkg:maven/org.springframework/spring-test@4.3.30.RELEASE-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:8484b422-fa98-59ba-9925-e01c4446baf4", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ad170d5d-556d-52b9-b51b-c7ab32ffb39d", "id": "CVE-2020-5397", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5397 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9a97722f-05e7-5473-8b2f-a12aa6ac89a2", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6271f567-5f70-559d-b335-c31afee862fa", "id": "CVE-2021-22060", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22060 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:21c02c5e-8a7d-5cba-94b0-4cd859726a06", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:16e7d93d-4e09-5249-9b62-0ac40d55c7e1", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a6de2961-e03a-5077-bd9b-e83672ff2125", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:705e4783-dd6c-5a82-ba62-53b7e9862641", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2cf9a3c3-6fc9-5de6-a8e0-c06082cf0af3", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1606023f-83fa-59d2-a1f6-4a4cb65cef79", "id": "CVE-2022-22970", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22970 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4cde97eb-ff0b-5acf-a81c-482d5173438d", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1d1d38d7-3bc5-5581-b98c-0a17879a7e9b", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8e0126bc-b07d-59e9-8fe7-a158be0aace6", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:001b5349-69c9-5664-816a-f041067305cc", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:0a121d6f-a3cc-512f-b2d8-a70199e131ee", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a045ad3f-e477-5406-8249-b3baeeb41a7b", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b972e2cf-f847-5fba-80f6-e88bbce62d14", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2b0bf10b-a286-5398-aed1-9d89cef0dc2e", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a93136e3-82c2-5505-95ec-35bc5c8fe962", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d715377b-4df1-53cb-a1a8-d26bf39233d1", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:dd9b8abc-4ed2-5f71-b01e-badb6b62c6ab", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a0a3b198-9c4b-5180-bf88-7f09cdb94635", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2e3ab280-a7f7-50b2-afcd-e83e1fe65538", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:423e1c06-02a4-5ebf-ad49-c2046ccc59d0", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:53c271d6-f95e-527f-b868-e0e756f5c65d", "id": "CVE-2026-22740", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-22740 does not affect version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-test. CVE-2026-22740 is a WebFlux-specific vulnerability (reactive multipart temp-file cleanup in org.springframework.http.codec.multipart.MultipartHttpMessageReader / PartGenerator). Spring Framework 4.3.30.RELEASE predates WebFlux entirely - the org.springframework.http.codec package does not exist in this version, and there is no reactive multipart code path. Per NVD, affected versions are 5.3.x, 6.1.x, 6.2.x, 7.0.x only; Spring 4.x is not in the affected range." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:821fbd6f-2600-5761-a336-729c6384176f", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@4.3.30.RELEASE-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-test@4.3.30.RELEASE-tuxcare.3" } ] }