{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:f4c05dfc-da6e-5503-b25c-8c69f948899d", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-asm@3.0.5.RELEASE-tuxcare.3", "type": "library", "group": "org.springframework", "name": "spring-asm", "version": "3.0.5.RELEASE-tuxcare.3", "purl": "pkg:maven/org.springframework/spring-asm@3.0.5.RELEASE-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:3bbcf2e7-065a-583a-a40c-bdbf95047ad7", "id": "CVE-2011-2730", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2011-2730 affects version 3.0.5.RELEASE-tuxcare.3 of org.springframework:spring-asm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-asm@3.0.5.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b824b275-6c06-5994-9a04-c6982685c033", "id": "CVE-2011-2894", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2011-2894 is fixed in version 3.0.5.RELEASE-tuxcare.3 of org.springframework:spring-asm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-asm@3.0.5.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e21f5969-fe1d-5afa-8126-9968ab092422", "id": "CVE-2013-4152", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2013-4152 is fixed in version 3.0.5.RELEASE-tuxcare.3 of org.springframework:spring-asm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-asm@3.0.5.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c73d0e6f-465b-5042-a35f-d1bbb95aecee", "id": "CVE-2013-6429", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-6429 affects version 3.0.5.RELEASE-tuxcare.3 of org.springframework:spring-asm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-asm@3.0.5.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c6d17eb3-2572-5e09-b2b3-5c38ffe3fc3d", "id": "CVE-2013-6430", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2013-6430 is fixed in version 3.0.5.RELEASE-tuxcare.3 of org.springframework:spring-asm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-asm@3.0.5.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:042269b9-e63f-5df3-a4e9-cac6d249554d", "id": "CVE-2013-7315", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-7315 affects version 3.0.5.RELEASE-tuxcare.3 of org.springframework:spring-asm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-asm@3.0.5.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e9641329-7210-5f84-b851-c744499cee3b", "id": "CVE-2014-0054", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0054 affects version 3.0.5.RELEASE-tuxcare.3 of org.springframework:spring-asm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-asm@3.0.5.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6fe4bcff-43f9-507b-88a4-c06d914cae3d", "id": "CVE-2014-0225", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0225 affects version 3.0.5.RELEASE-tuxcare.3 of org.springframework:spring-asm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-asm@3.0.5.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:38b552bd-cb74-52da-a8d8-1fb2e7042c27", "id": "CVE-2014-1904", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-1904 affects version 3.0.5.RELEASE-tuxcare.3 of org.springframework:spring-asm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-asm@3.0.5.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d018d87f-5e52-5729-aa11-aebc9514c15d", "id": "CVE-2014-3578", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-3578 affects version 3.0.5.RELEASE-tuxcare.3 of org.springframework:spring-asm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-asm@3.0.5.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:96873123-3052-5d2c-91fe-29bda0673b99", "id": "CVE-2014-3625", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-3625 is fixed in version 3.0.5.RELEASE-tuxcare.3 of org.springframework:spring-asm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-asm@3.0.5.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:84747212-5697-5205-a382-bbc2e1bbbe67", "id": "CVE-2015-3192", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2015-3192 affects version 3.0.5.RELEASE-tuxcare.3 of org.springframework:spring-asm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-asm@3.0.5.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:901d9cec-2a61-5fe9-9798-3247daf09ce7", "id": "CVE-2015-5211", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2015-5211 affects version 3.0.5.RELEASE-tuxcare.3 of org.springframework:spring-asm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-asm@3.0.5.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8050a977-1077-52d3-9097-8b0cb4be32da", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 3.0.5.RELEASE-tuxcare.3 of org.springframework:spring-asm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-asm@3.0.5.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9c3495e4-cfbc-5636-9672-d66cb1e89351", "id": "CVE-2016-5007", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-5007 affects version 3.0.5.RELEASE-tuxcare.3 of org.springframework:spring-asm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-asm@3.0.5.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:91ed8ecb-364a-512c-88dd-c0d042a479fd", "id": "CVE-2016-9878", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2016-9878 is fixed in version 3.0.5.RELEASE-tuxcare.3 of org.springframework:spring-asm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-asm@3.0.5.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6f33fabd-c00a-52dd-acef-8ebf0a5d9ceb", "id": "CVE-2018-11039", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-11039 is fixed in version 3.0.5.RELEASE-tuxcare.3 of org.springframework:spring-asm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-asm@3.0.5.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:99279c6e-9eae-570d-a2eb-8a1dbad6dcdd", "id": "CVE-2018-11040", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11040 affects version 3.0.5.RELEASE-tuxcare.3 of org.springframework:spring-asm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-asm@3.0.5.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:764396ee-b6a4-5853-9d47-4dc7ce63271e", "id": "CVE-2018-1257", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1257 affects version 3.0.5.RELEASE-tuxcare.3 of org.springframework:spring-asm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-asm@3.0.5.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:79204f36-3039-591a-aa37-c4759831442f", "id": "CVE-2018-1270", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1270 affects version 3.0.5.RELEASE-tuxcare.3 of org.springframework:spring-asm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-asm@3.0.5.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2e2c875f-24b2-5097-b069-7072747904d6", "id": "CVE-2018-1271", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1271 affects version 3.0.5.RELEASE-tuxcare.3 of org.springframework:spring-asm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-asm@3.0.5.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8dccd4ff-2a3d-519d-a8d2-52a3f32e8fba", "id": "CVE-2018-1272", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1272 affects version 3.0.5.RELEASE-tuxcare.3 of org.springframework:spring-asm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-asm@3.0.5.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8a1957d8-6e40-5a13-bb12-92488280ed96", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 3.0.5.RELEASE-tuxcare.3 of org.springframework:spring-asm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-asm@3.0.5.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3a125ba3-d8ca-5bd7-a770-d2036c0940b8", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 3.0.5.RELEASE-tuxcare.3 of org.springframework:spring-asm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-asm@3.0.5.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:95408d9e-b0e8-5ce5-8f8b-5ffd23b76cb1", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 3.0.5.RELEASE-tuxcare.3 of org.springframework:spring-asm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-asm@3.0.5.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f51a05eb-c67b-5aaa-b66e-1505b9c20486", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 3.0.5.RELEASE-tuxcare.3 of org.springframework:spring-asm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-asm@3.0.5.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5723da35-4b58-5d87-b2d6-71c156e33538", "id": "CVE-2022-22965", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22965 affects version 3.0.5.RELEASE-tuxcare.3 of org.springframework:spring-asm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-asm@3.0.5.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ad74ec64-6335-5ffd-9a89-081b002fbc0b", "id": "CVE-2022-22968", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22968 affects version 3.0.5.RELEASE-tuxcare.3 of org.springframework:spring-asm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-asm@3.0.5.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:efb288be-6304-5784-a0b9-87ee29ab8a37", "id": "CVE-2022-22970", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22970 affects version 3.0.5.RELEASE-tuxcare.3 of org.springframework:spring-asm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-asm@3.0.5.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c54c19a7-8d5f-51be-ac4e-f8f0cce86ed4", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 3.0.5.RELEASE-tuxcare.3 of org.springframework:spring-asm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-asm@3.0.5.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8c3994e9-26e8-549a-a3fd-c6bc6fe4bc6a", "id": "CVE-2023-20863", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20863 affects version 3.0.5.RELEASE-tuxcare.3 of org.springframework:spring-asm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-asm@3.0.5.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f93f60af-c06e-5503-98a6-4f11f0113803", "id": "CVE-2024-22243", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22243 affects version 3.0.5.RELEASE-tuxcare.3 of org.springframework:spring-asm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-asm@3.0.5.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:69d9a4b6-7a49-5d7e-95d5-4cf8b966b53e", "id": "CVE-2024-22259", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22259 affects version 3.0.5.RELEASE-tuxcare.3 of org.springframework:spring-asm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-asm@3.0.5.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:33dc3ac4-0311-5c42-a628-50c46ce54e73", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 3.0.5.RELEASE-tuxcare.3 of org.springframework:spring-asm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-asm@3.0.5.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d4165d84-f23b-546d-9708-ebc3f69f9435", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 3.0.5.RELEASE-tuxcare.3 of org.springframework:spring-asm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-asm@3.0.5.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a24a32a3-f744-5c90-a7c4-f66742442484", "id": "CVE-2024-38809", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38809 affects version 3.0.5.RELEASE-tuxcare.3 of org.springframework:spring-asm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-asm@3.0.5.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d0df080d-91e0-5698-8e80-6414bfccbbb4", "id": "CVE-2024-38820", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38820 affects version 3.0.5.RELEASE-tuxcare.3 of org.springframework:spring-asm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-asm@3.0.5.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ca116cb0-ad8a-596e-8f24-73a86b3c3409", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 3.0.5.RELEASE-tuxcare.3 of org.springframework:spring-asm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-asm@3.0.5.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:68ef723b-c12b-5a01-8f28-c8f3d9c7c40c", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 3.0.5.RELEASE-tuxcare.3 of org.springframework:spring-asm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-asm@3.0.5.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:22af9673-2b88-54b7-bdc7-833232f8b8aa", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 3.0.5.RELEASE-tuxcare.3 of org.springframework:spring-asm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-asm@3.0.5.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3f2ac7a0-fe07-56fb-afd3-698cb18dbbd3", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 3.0.5.RELEASE-tuxcare.3 of org.springframework:spring-asm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-asm@3.0.5.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:28196acf-f008-530c-96ec-9f8888244154", "id": "CVE-2026-41842", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41842 does not affect version 3.0.5.RELEASE-tuxcare.3 of org.springframework:spring-asm. not_affected \u2014 Spring Framework 3.0.5.RELEASE does not contain the vulnerable content-based version strategy feature. The vulnerability requires VersionResourceResolver and VersionStrategy classes with removeVersion() logic that removes all instances of version strings from request paths. This feature was introduced in Spring Framework 4.1 (2013), approximately 3 years after Spring 3.0.5 (2010). The target's ..." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-asm@3.0.5.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c098d98b-7aad-562b-ac22-d967ec2666fe", "id": "CVE-2026-41843", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41843 does not affect version 3.0.5.RELEASE-tuxcare.3 of org.springframework:spring-asm. not_affected \u2014 Spring Framework 3.0.5.RELEASE does not contain the vulnerable content-based version strategy feature. The CVE-2026-41843 vulnerability affects Spring Framework versions 5.3.0+ where content-based versioning with automatic version string removal exists. Version 3.0.5 (from 2009-2010) predates this feature entirely and uses a simpler resource handling architecture without version strategy classe..." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-asm@3.0.5.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3d15bb9f-8a01-5336-8740-0449bbf331dd", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 3.0.5.RELEASE-tuxcare.3 of org.springframework:spring-asm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-asm@3.0.5.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:7d75b1f5-ab47-54aa-a962-39f682b69f93", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 3.0.5.RELEASE-tuxcare.3 of org.springframework:spring-asm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-asm@3.0.5.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4af8b876-f991-5b04-9ee2-4b916f2302ce", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 3.0.5.RELEASE-tuxcare.3 of org.springframework:spring-asm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-asm@3.0.5.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:fc295a13-4c77-5a77-9656-10b69b6212fc", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 3.0.5.RELEASE-tuxcare.3 of org.springframework:spring-asm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-asm@3.0.5.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:548c33c1-5781-5053-a8fd-a4c7d4539e14", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 3.0.5.RELEASE-tuxcare.3 of org.springframework:spring-asm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-asm@3.0.5.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a5f93e3c-9ad7-56d3-9319-9a9faaa1e768", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 3.0.5.RELEASE-tuxcare.3 of org.springframework:spring-asm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-asm@3.0.5.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:47191e5a-1e25-59a2-b7f0-59aecd6ccfac", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 3.0.5.RELEASE-tuxcare.3 of org.springframework:spring-asm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-asm@3.0.5.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f6a34063-a786-5534-a9ec-16d14f0ff254", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 3.0.5.RELEASE-tuxcare.3 of org.springframework:spring-asm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-asm@3.0.5.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:57080f3f-f151-5db7-b80e-8227c3d7906c", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 3.0.5.RELEASE-tuxcare.3 of org.springframework:spring-asm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-asm@3.0.5.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ef86dbab-aa63-5a5d-b582-380d5453a2a7", "id": "CVE-2026-41855", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41855 does not affect version 3.0.5.RELEASE-tuxcare.3 of org.springframework:spring-asm. not_affected \u2014 Spring Framework version 3.0.5 is not affected by CVE-2026-41855. The vulnerable JMS message converters (MappingJackson2MessageConverter and JacksonJsonMessageConverter) were introduced in Spring Framework 3.1.4 (December 2012), after version 3.0.5 was released (2010). The target version does not contain the code that reads class names from JMS message properties and uses them for dynamic class..." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-asm@3.0.5.RELEASE-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-asm@3.0.5.RELEASE-tuxcare.3" } ] }