{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:d13bd8d4-59e4-5117-a06d-dff17d7016e3", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-web@4.3.30.RELEASE-tuxcare.3", "type": "library", "group": "org.springframework", "name": "spring-web", "version": "4.3.30.RELEASE-tuxcare.3", "purl": "pkg:maven/org.springframework/spring-web@4.3.30.RELEASE-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:fe8adab9-2a56-5bb7-ae2a-41220867eed4", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:04dda4b9-8505-5cee-ac81-e46f64094012", "id": "CVE-2020-5397", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5397 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e599aa02-f174-5cda-bf37-f6a99fe3034e", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ed8f264b-803d-5716-a467-6f4d4ede64f5", "id": "CVE-2021-22060", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22060 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b1e6f2e2-8075-5724-87e2-a3d4c0fbe3ce", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d559de73-0814-5eed-bbc0-b99d40f6c32b", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3f024192-5d85-5e72-a805-df1d1fc0ea96", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:0fda1065-dc9c-502d-bcfe-23c07c766d38", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2bdcd82c-7fff-510b-a4c8-da0a6156edcc", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8fd0f979-6b92-54fe-92c2-bcb1fbc2fc49", "id": "CVE-2022-22970", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22970 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d6890ffd-b0e9-500d-aa61-c6528337b41c", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:7a9b4e05-1597-58eb-977e-92cc6f71e47b", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:385c2852-d39a-5adf-82a4-0408e62ac37b", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f53d5773-bf50-5277-9368-3ae8e777698a", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:458f441a-34ef-565e-8fce-4cbf7df27e8f", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:0937be10-b1ae-51d5-bf7e-b70adf1e53c2", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:78fc0f71-4334-5edd-b13a-6d252e83e31e", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8b962a64-4ff9-5ae1-909c-a966602fbdfd", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e3fe1923-f51b-50d7-aee7-8df9ec599991", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:fd8c0c89-8587-5ebf-a75b-baa028b77489", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:aa5f216d-6d91-5192-84cf-ab3f48d7852d", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8c29a2b2-4c64-5561-be1e-9b8aaefeda86", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5e727871-6ffe-5d97-b428-d985e831ac39", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5647dfb8-9b9b-57aa-84eb-cb8bffc48e81", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1657f903-d3de-5c2b-b997-fb0344ee866e", "id": "CVE-2026-22740", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-22740 does not affect version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-web. CVE-2026-22740 is a WebFlux-specific vulnerability (reactive multipart temp-file cleanup in org.springframework.http.codec.multipart.MultipartHttpMessageReader / PartGenerator). Spring Framework 4.3.30.RELEASE predates WebFlux entirely - the org.springframework.http.codec package does not exist in this version, and there is no reactive multipart code path. Per NVD, affected versions are 5.3.x, 6.1.x, 6.2.x, 7.0.x only; Spring 4.x is not in the affected range." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:cc306ac7-23ac-535e-bfc2-90f68515dd9c", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.3.30.RELEASE-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-web@4.3.30.RELEASE-tuxcare.3" } ] }