{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:07400372-d646-5007-aaf9-0f6391f03c16", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-aspects@4.1.7.RELEASE-tuxcare.3", "type": "library", "group": "org.springframework", "name": "spring-aspects", "version": "4.1.7.RELEASE-tuxcare.3", "purl": "pkg:maven/org.springframework/spring-aspects@4.1.7.RELEASE-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:5e754bf2-96b8-5dba-92af-49f4430398b2", "id": "CVE-2015-5211", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2015-5211 is fixed in version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:503b699b-1e43-5e13-a364-739c751fdcea", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2588a70b-cf98-5737-934b-37817ff3e7ac", "id": "CVE-2016-5007", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2016-5007 is fixed in version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:fbf6a62b-c1cf-5639-9a7c-3a194d47576b", "id": "CVE-2018-11039", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-11039 is fixed in version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:724019d4-f7d8-5561-a584-8f18a25c9d2f", "id": "CVE-2018-11040", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-11040 is fixed in version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:03293a5e-a6d3-5ee8-bb59-76069566d9cf", "id": "CVE-2018-1257", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1257 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:139adf81-378f-5d42-88e6-d4962a40a297", "id": "CVE-2018-1270", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1270 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c555e59c-7ec1-5b0d-8382-d0e6bde49039", "id": "CVE-2018-1271", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-1271 is fixed in version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:0f470c6c-47c3-5459-b316-cab3e7f57a77", "id": "CVE-2018-1272", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-1272 is fixed in version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:28ccbd5f-4299-5422-8968-72cab2f32a2d", "id": "CVE-2018-1275", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1275 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8bcc2cbb-5952-523c-95d8-7159c7249496", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ce0e23e3-d4d9-5548-8e47-1795e7e0fd52", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e5da0225-8211-5a7e-84fc-4e59591c0813", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:0f2ad2aa-f1fe-5614-8542-3bbde1588382", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:afb722c3-ed4c-5954-8be3-d1dcfd38f857", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:7a9b2204-6133-564a-b8fe-aaff9d51dbdc", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:97310606-7798-58b3-859d-1236521e3d83", "id": "CVE-2022-22970", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22970 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:577b7c7f-ac59-5268-82d7-4299d033ae5b", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:fa1d133f-073f-5b86-bcff-fff82c9910f6", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b6c31cbb-27f5-591e-9ef1-e23437a20d1f", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:efada6a3-fc90-51c8-9996-344f849d8afa", "id": "CVE-2024-22243", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22243 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:16318f16-1ddb-50c5-99b4-c15eab016cae", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d6250d69-a519-5892-a6e4-637d49bc6b78", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:85213def-f07b-5e9e-b7ce-0dbdb916aeda", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d7a51b2a-034f-55d8-8303-68764212a757", "id": "CVE-2024-38809", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38809 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:fdc4f649-9770-575a-8f4a-83717fe250a0", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5f9f8d7e-bc0b-5629-a37a-13a34b13ffa9", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3e6adad5-632b-5792-9d74-a934786d0613", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e3dc1c9b-cf71-5b0a-b4db-96890ff1a609", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1e6a58bc-cb1e-5bb2-8af3-7dcbbb6f5eae", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:80bfaa51-3993-5b0a-be33-b6796a0a5032", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:7e669d70-5ef9-5cfb-8c71-e458878d07d5", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4da3ff8a-4fc1-5ba0-9a38-f7f976766f48", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:44c289ef-3d45-5825-858a-286e0832628f", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:28d3dc51-ce56-5f02-90b0-a0d051928c78", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:67484eac-50db-5259-90a4-0095b326dad8", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:413b7eb5-b92a-5bd8-8bca-4c32c718ea03", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3f42fef6-849b-5b6a-8fc8-2135a584d8fd", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:01d30c43-0bcf-59ba-9eec-1c1fd5360adf", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3ffd7b4c-3603-5683-befc-baebb8859354", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:aff554ad-79ef-5c90-aa3f-128ec2fdc7a2", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:fdf2dcf3-866a-55fc-b61c-c345c7f0e021", "id": "CVE-2026-41852", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41852 does not affect version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-aspects. not_affected \u2014 Spring Framework 4.1.7.RELEASE is not affected by CVE-2026-41852. The vulnerability requires record-style property accessor support (empty-prefix method lookup), which was introduced in Spring 5.2+ and does not exist in version 4.1.7. While this version lacks void return type validation for getter methods, it cannot invoke arbitrary zero-argument methods as described in the CVE." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:98de2d71-b039-53d1-84e7-3b6f8eb12f2a", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:0499838c-4622-5b1f-ae16-8b2bd9757e2a", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.1.7.RELEASE-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-aspects@4.1.7.RELEASE-tuxcare.3" } ] }