{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:a88e6524-4383-5fcb-a4d0-eee04b6f619d", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-aop@4.1.7.RELEASE-tuxcare.4", "type": "library", "group": "org.springframework", "name": "spring-aop", "version": "4.1.7.RELEASE-tuxcare.4", "purl": "pkg:maven/org.springframework/spring-aop@4.1.7.RELEASE-tuxcare.4" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:aed0437b-6bfe-50c4-9744-212244ed5c21", "id": "CVE-2015-5211", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2015-5211 is fixed in version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b1a0eb12-a4f9-5125-962f-582603a721dd", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:68f4f9ac-22ec-512e-8fb3-6fb3cc38b504", "id": "CVE-2016-5007", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2016-5007 is fixed in version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:9f732623-e2de-516e-bb85-41062811a65f", "id": "CVE-2018-11039", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-11039 is fixed in version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:97ba3733-0441-5396-a6fe-cf0853aba6bf", "id": "CVE-2018-11040", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-11040 is fixed in version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:25052a0b-35ce-5f6c-b7db-db38d7882522", "id": "CVE-2018-1257", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1257 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a1e56313-02d4-5335-ac06-eb5960668258", "id": "CVE-2018-1270", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1270 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:5e9f7186-03eb-5a03-85bf-d94050428d83", "id": "CVE-2018-1271", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-1271 is fixed in version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:dc089024-3f6c-57a5-b2e6-1932d45366e9", "id": "CVE-2018-1272", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-1272 is fixed in version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:fc008d16-b0b6-5cf1-b999-888ef6b60e15", "id": "CVE-2018-1275", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1275 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:74233491-0924-5e3b-a73c-0d5797a87c4b", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:76f87664-4776-5e77-a005-fff539c4546b", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:0b8b50d4-23b7-5fb5-b734-bff554e1de84", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:3687946a-a6d9-5003-9a71-4191a8351600", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:64324e0d-11fd-54f1-8bce-2bd309fe4be3", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:8dc8474b-a4f6-5390-b09c-8b840462b716", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:49dec5ff-8ace-530a-a35f-9ff11ad4a3f9", "id": "CVE-2022-22970", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22970 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:376e2d9b-bdad-54b5-a1db-e79022ea6ced", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:31f964e1-a41f-5d7a-b368-b53b2761ac9b", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d364240e-efde-5581-b7d9-ee5f6cbbeb2a", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:aaf3d966-bf30-5afd-8f5a-05f066997556", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:5b33eef6-2338-542d-98fb-d904e21637de", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:1c2a41bd-de2b-5264-a75d-3b780bf07764", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:06b96683-c7ae-5d8e-97e5-fa03dd15d28d", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e5685f83-83e2-58b2-ade5-dc18aca7cb85", "id": "CVE-2024-38809", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38809 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e801caaa-5c29-517e-a3b8-14591219d7b4", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:cafb924c-3996-5eab-809e-ae9b1966c6e4", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:4ff44ddc-6753-5832-9559-5e0c17c647f1", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:56410008-d3cf-50a5-ae0e-9b11aa42ed20", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e25e2cb5-9c32-506f-988f-b18c5f3a0634", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:4581e5e2-3693-5755-8193-8d015144faf5", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:4d81ef74-36ab-58dd-b71b-f011284a2fce", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:f61b3713-1a30-562d-9ff9-d895e39adc47", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ee34b3a3-3fca-552c-ba83-eea2cce57938", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:f9f322f7-7713-5744-8297-5a880f08905d", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e1895a07-917e-566a-abfd-fad72ebed057", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c23438f0-b61d-52ab-81ce-9b616c23e15f", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d7d55e85-1130-5a86-933c-18bd8b414d86", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:5e6bb5a7-f554-5d0b-a686-1ba2b3e5bd7f", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e2688bd7-b423-5553-86c8-08fc05655664", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:4cf61a98-c50e-5d74-ae6b-374166c32c25", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:0fecec00-7e6f-5470-86fa-b0558632e1d2", "id": "CVE-2026-41852", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41852 does not affect version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-aop. not_affected \u2014 Spring Framework 4.1.7.RELEASE is not affected by CVE-2026-41852. The vulnerability requires record-style property accessor support (empty-prefix method lookup), which was introduced in Spring 5.2+ and does not exist in version 4.1.7. While this version lacks void return type validation for getter methods, it cannot invoke arbitrary zero-argument methods as described in the CVE." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:98315dac-9b79-5d66-ac42-5f9ffba73d60", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:cae09fda-85e3-56ff-b68e-36d499675de8", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@4.1.7.RELEASE-tuxcare.4" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-aop@4.1.7.RELEASE-tuxcare.4" } ] }