{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:e74ecd09-b796-52a4-9112-9d774894b412", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-webmvc@4.3.30.RELEASE-tuxcare.3", "type": "library", "group": "org.springframework", "name": "spring-webmvc", "version": "4.3.30.RELEASE-tuxcare.3", "purl": "pkg:maven/org.springframework/spring-webmvc@4.3.30.RELEASE-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:d28c05db-b2c1-55ba-96a1-958fc2c2069c", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a71f71c3-5743-5bbe-bac6-0eca1b63d6c5", "id": "CVE-2020-5397", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5397 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:48c24b61-7307-5b2f-8690-1a559aeb0ca8", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d7a66c92-6755-5c3e-bb22-dc1479d00a55", "id": "CVE-2021-22060", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22060 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:7c879e2b-6e4e-5724-8bf7-634d4a3211ca", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:7586a1aa-2c86-5f5b-b338-abce8a00ddcc", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:583fc0a7-d35b-586e-8de2-9b2cfb9b3bf0", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:71a5752d-f1ea-53a9-9298-7d26dccd663b", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:eb4f3719-fc63-55e1-9684-e6e7045d2f49", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:17324847-1563-5656-b840-73ae35034925", "id": "CVE-2022-22970", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22970 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:af686cf2-a956-5633-8bdf-845dd4382db1", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5829b888-ea9e-56ef-a87d-bd83c8abdfab", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:43f0ddc1-b345-5acd-b74d-4d8b1ec7a6c8", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f28568ef-39dc-5e59-94d6-35b8664d918b", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ab0c0e78-8da0-55b7-9c14-e901d80cf16f", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1001231b-6b68-5195-9139-69c52b054dc1", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:18873388-261c-52ca-ad56-2827b7168334", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:fb7b1854-810b-5b29-a953-af3590480f8a", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5324d3f5-0c2a-5dfc-bf57-81e6e0786f70", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b6c19a77-af0b-5de0-bbfb-659f724da290", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4e67379d-7177-537a-b830-f8d513ce9afd", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8c31bbd5-a175-5357-ace2-1a361729e3bf", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b90f126a-d158-5179-b278-d302843afad6", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:459eb0a4-2fec-5cc1-b6a1-3ba2f18dedf4", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ac3c6f4b-90e0-5185-9c54-38198a23bbc7", "id": "CVE-2026-22740", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-22740 does not affect version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-webmvc. CVE-2026-22740 is a WebFlux-specific vulnerability (reactive multipart temp-file cleanup in org.springframework.http.codec.multipart.MultipartHttpMessageReader / PartGenerator). Spring Framework 4.3.30.RELEASE predates WebFlux entirely - the org.springframework.http.codec package does not exist in this version, and there is no reactive multipart code path. Per NVD, affected versions are 5.3.x, 6.1.x, 6.2.x, 7.0.x only; Spring 4.x is not in the affected range." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b9b14033-7da7-5abf-8fd3-3920c55b9bc0", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.3.30.RELEASE-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.3.30.RELEASE-tuxcare.3" } ] }