{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:8674a339-4e89-5262-bdd6-99d75a0cac06", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-asm@3.1.1.RELEASE-tuxcare.1", "type": "library", "group": "org.springframework", "name": "spring-asm", "version": "3.1.1.RELEASE-tuxcare.1", "purl": "pkg:maven/org.springframework/spring-asm@3.1.1.RELEASE-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:1d08b531-9f33-5bcc-ae99-0896ebf08a8d", "id": "CVE-2013-4152", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2013-4152 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-asm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-asm@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fd68f7bb-450f-5043-a8e5-0b03ce50de1a", "id": "CVE-2013-6429", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2013-6429 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-asm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-asm@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6c7e2937-bcae-5edf-b9fd-13e6bb10d651", "id": "CVE-2013-6430", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2013-6430 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-asm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-asm@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:756ca890-9322-5837-afd4-a7a3740f73f9", "id": "CVE-2013-7315", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-7315 affects version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-asm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-asm@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:772374e6-7c7c-5090-b264-f00e16e6ef0c", "id": "CVE-2014-0054", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-0054 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-asm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-asm@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:bcc13564-7dae-5f23-9b5b-8cd8a14c83f6", "id": "CVE-2014-0225", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-0225 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-asm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-asm@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d07f64c1-35bc-5a6a-971b-f7e2db5bbbd3", "id": "CVE-2014-1904", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-1904 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-asm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-asm@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b7c4d818-a30e-5239-b507-c98f38e87d40", "id": "CVE-2014-3578", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-3578 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-asm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-asm@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5c0c3f1a-0a63-58af-8fc7-869079649e36", "id": "CVE-2014-3625", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-3625 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-asm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-asm@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1c57930a-64e9-5a53-9caa-72d9a22aaa9d", "id": "CVE-2015-3192", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2015-3192 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-asm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-asm@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c3265e34-738f-5846-aec3-576b605ec428", "id": "CVE-2015-5211", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2015-5211 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-asm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-asm@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f5ac3f21-d4ce-5ecd-9f95-e933463b2491", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-asm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-asm@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a87772d9-cb00-59ec-8cd7-da711d7f2111", "id": "CVE-2016-5007", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-5007 affects version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-asm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-asm@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a3cb94ad-7a6d-5282-bfce-b6ae74e9de55", "id": "CVE-2016-9878", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2016-9878 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-asm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-asm@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c5f2b923-fcf9-5b7f-a5cf-20efa93f63b3", "id": "CVE-2018-11039", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-11039 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-asm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-asm@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:372f2291-3804-511f-9d56-c6f8cc1cdd2d", "id": "CVE-2018-11040", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2018-11040 is a false positive for org.springframework:spring-asm 3.1.1.RELEASE-tuxcare.1." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-asm@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8d8f17e5-f525-5699-9257-caff584beacf", "id": "CVE-2018-1257", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2018-1257 is a false positive for org.springframework:spring-asm 3.1.1.RELEASE-tuxcare.1." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-asm@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:bd808194-4040-50ee-b92c-881d9c179cfc", "id": "CVE-2018-1270", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2018-1270 is a false positive for org.springframework:spring-asm 3.1.1.RELEASE-tuxcare.1." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-asm@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4658cb3b-c552-579e-a456-b9a727e55a78", "id": "CVE-2018-1271", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-1271 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-asm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-asm@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d3e288e7-8cc5-5b29-9b2d-1be448bda204", "id": "CVE-2018-1272", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-1272 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-asm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-asm@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c9a4e7c0-3b49-54ff-afba-898c036d6bd4", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-asm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-asm@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:52b95e95-52bd-5fdb-86c7-9b9c21615296", "id": "CVE-2021-22060", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22060 affects version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-asm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-asm@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f89219b0-1db8-5633-a443-c4a595466502", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-asm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-asm@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:07cc648e-8ce5-5b61-b1b5-0b3302dfc98f", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-asm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-asm@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7dc1f592-078c-527a-bcc8-2b149b25dc92", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-asm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-asm@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:925ccff1-17fc-5d08-91d7-66b02ce31243", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-asm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-asm@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0f16bfca-fcaa-56c4-a66a-345239f0421e", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-asm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-asm@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:65018a41-bb56-5a82-a869-102dec23794d", "id": "CVE-2022-22970", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22970 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-asm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-asm@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e2f32782-84ec-53bf-802e-4d63e980e7a6", "id": "CVE-2023-20861", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20861 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-asm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-asm@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e30b9548-7d1f-56ce-bd21-4b3fad05735c", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-asm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-asm@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ab66f89f-82f6-5aa4-ac9c-ab6fec32f96d", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-asm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-asm@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:86c83021-85f4-5ee3-a3d2-3e3706d26816", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-asm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-asm@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d1e69362-7ef9-5d87-81a8-9ea05cb3f175", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-asm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-asm@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:84a4529a-4eee-5877-b64a-8341b8191eef", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-asm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-asm@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:80396dca-7b34-525c-a6ac-c166891930ea", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-asm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-asm@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:00b9ffc9-6d64-5466-8486-6b93a101ac09", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-asm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-asm@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a4008554-61cb-5a3e-b152-a5ac486768ad", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-asm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-asm@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a571cba8-297b-5734-840e-6dabb6b0fadc", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-asm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-asm@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f9060f4e-19ac-5714-a119-99717c109456", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-asm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-asm@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4488e572-b440-5f43-9dbb-cdfb5df968d5", "id": "CVE-2025-41242", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41242 is a false positive for org.springframework:spring-asm 3.1.1.RELEASE-tuxcare.1." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-asm@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f64aed39-03e9-5d2b-bfc0-00bddad3271e", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-asm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-asm@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7d0eb9b9-c55d-5475-abd9-2c2a0438e7bc", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-asm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-asm@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f6339f17-9071-51c6-ad6f-cb5c8812aed1", "id": "CVE-2026-22740", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-22740 does not affect version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-asm. CVE-2026-22740 is a WebFlux-specific vulnerability (reactive multipart temp-file cleanup in org.springframework.http.codec.multipart.MultipartHttpMessageReader / PartGenerator). Spring Framework 3.1.1.RELEASE predates WebFlux entirely - the org.springframework.http.codec package does not exist in this version, and there is no reactive multipart code path. Per NVD, affected versions are 5.3.x, 6.1.x, 6.2.x, 7.0.x only; Spring 3.x is not in the affected range." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-asm@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7e46e6c3-e8fa-56ba-9948-70acb634955f", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-asm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-asm@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:91ee0b37-1faf-5edb-bfb7-bb1d39b1f594", "id": "CVE-2026-41842", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41842 does not affect version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-asm. not_affected \u2014 Spring Framework 3.1.1 is NOT affected by CVE-2026-41842. The vulnerability exists in content-based version strategies for static resource handling, a feature introduced in Spring Framework 4.1 (2014). Spring 3.1.1 (2011) predates this feature and contains no version removal logic in resource handling." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-asm@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6a1aa877-c9ad-5884-a104-7602df01afe9", "id": "CVE-2026-41843", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41843 does not affect version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-asm. not_affected \u2014 Spring Framework 3.1.1.RELEASE is not affected by CVE-2026-41843. The vulnerability requires the content-based version strategy feature (VersionResourceResolver, AbstractVersionStrategy, etc.) which was introduced in Spring Framework 4.1+. This feature does not exist in version 3.1.1, making the attack chain impossible." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-asm@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4b6a6207-f3f5-5e03-be4c-2483247c674b", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-asm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-asm@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:45322ebd-05b9-56ff-ac20-81156235fbdc", "id": "CVE-2026-41845", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41845 does not affect version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-asm. not_affected \u2014 Spring Framework 3.1.1.RELEASE (2012) predates the ECMAScript 6 specification (2015) that introduced template literal syntax. While the code lacks escaping for backtick (`) and dollar sign ($) characters in JavaScriptUtils.javaScriptEscape(), these unescaped characters cannot lead to arbitrary JavaScript code execution in the pre-ES6 JavaScript environment this version was designed for. The att..." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-asm@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:bfb6940c-0130-56f5-b153-8d50dd74447e", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-asm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-asm@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e712b117-b4eb-59e4-9dd1-9098649e4f6b", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-asm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-asm@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e6d47f3f-695b-561a-bf23-33bcb536d915", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-asm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-asm@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4eaffacc-7337-5ac6-b6b6-7d8a02b14939", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-asm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-asm@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ace80798-70b5-5536-9aec-da5721a0164a", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-asm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-asm@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c9e9706b-b8ec-5bde-9257-830809f03ae2", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-asm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-asm@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:20316632-a92b-59c7-abd8-a9560eb9b9f1", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-asm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-asm@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6376d92a-c627-5e5b-b498-5de3ec3d9d0c", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-asm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-asm@3.1.1.RELEASE-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-asm@3.1.1.RELEASE-tuxcare.1" } ] }