{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:6a8aceed-bb27-5bf9-bfd4-285aff896c7b", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-beans@3.1.1.RELEASE-tuxcare.1", "type": "library", "group": "org.springframework", "name": "spring-beans", "version": "3.1.1.RELEASE-tuxcare.1", "purl": "pkg:maven/org.springframework/spring-beans@3.1.1.RELEASE-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:0e1d1d16-0197-5e42-b946-a08e82b233d5", "id": "CVE-2013-4152", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2013-4152 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7c103a4b-daed-58e3-a8cb-3723dc19a881", "id": "CVE-2013-6429", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2013-6429 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f0606424-233b-5885-8536-560ee1f0c0c7", "id": "CVE-2013-6430", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2013-6430 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:bb56eae3-6cd8-5bb5-8534-86b2f49bb2f6", "id": "CVE-2013-7315", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-7315 affects version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3fd89ddf-f67c-5a79-b081-6256ce934e00", "id": "CVE-2014-0054", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-0054 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5c1ca70c-34cb-5a22-b4e5-24dd472192b7", "id": "CVE-2014-0225", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-0225 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5853b2c0-7fa8-58c6-8b88-443a3269091b", "id": "CVE-2014-1904", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-1904 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:71115148-1b25-56c0-ab72-3069f98dd8a9", "id": "CVE-2014-3578", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-3578 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:14410b9a-80ca-59d8-b91c-b7bee59a79be", "id": "CVE-2014-3625", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-3625 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1cf088e8-d297-5f62-a317-224a72da382f", "id": "CVE-2015-3192", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2015-3192 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2d2249b6-9d7c-5a16-b945-3317dc0ac17d", "id": "CVE-2015-5211", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2015-5211 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:441f4aac-ed88-5125-8cb7-11eecbeed69a", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ec8d35a2-904f-5ac2-aa7a-a04bdc7d5847", "id": "CVE-2016-5007", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-5007 affects version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e1da3eb3-185e-5b96-8b65-5ef9087b93dd", "id": "CVE-2016-9878", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2016-9878 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5db6ad40-8157-5022-acb3-7fe22635ef67", "id": "CVE-2018-11039", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-11039 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:24738071-9e1f-57a3-ba16-a6dd84ffe013", "id": "CVE-2018-11040", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2018-11040 is a false positive for org.springframework:spring-beans 3.1.1.RELEASE-tuxcare.1." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:bbe6ecb0-ef38-5058-b6c4-d6d762bea638", "id": "CVE-2018-1257", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2018-1257 is a false positive for org.springframework:spring-beans 3.1.1.RELEASE-tuxcare.1." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:70141539-c167-51f2-b2a3-79e82f1b5da8", "id": "CVE-2018-1270", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2018-1270 is a false positive for org.springframework:spring-beans 3.1.1.RELEASE-tuxcare.1." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6dd102b5-bdad-5e84-93b1-861af9676915", "id": "CVE-2018-1271", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-1271 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:bd154323-8c96-5257-80a0-7a78ea7fcba5", "id": "CVE-2018-1272", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-1272 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:64803baa-9b9a-5e86-9a3e-8ae9149232d4", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9011c0c1-42fc-5959-9292-2fb7c49ee288", "id": "CVE-2021-22060", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22060 affects version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ad3d6191-8dcb-530d-8ff6-411e5e878dff", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:874cc5d4-62d4-5b75-8a22-b916aba8ebbf", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2bdbd7c2-8ac3-50bd-83e9-cd2b281d35c1", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c129b8b9-fb59-59cd-90a2-be7dbea196f5", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:db800b4c-2c4f-593c-a4a0-ae8a98c51399", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a3751508-ef85-5bfc-8533-0f9968a9489b", "id": "CVE-2022-22970", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22970 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d4a364d7-c64d-5739-ac9b-64f23cf4a117", "id": "CVE-2023-20861", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20861 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:82fee101-1bc1-5fb8-aaf6-0b239b9f0885", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d575715b-70ad-5cb5-961b-2be92c7ea308", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f2735d7c-cd76-5b11-82ad-efc5d2d8e022", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:dacaa384-167a-5c11-a129-ec1047b4b816", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8106a954-ac87-52cb-9a93-d574502a6e58", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3856328d-d55f-5fac-9b58-54b3202d12a5", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e376865d-eda7-5bbe-85c5-06cba1b7a835", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:114c9ec3-bc66-5ff2-90c5-e5fbcde096f2", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f38c883e-4049-5b3c-9c6c-4cc01b06dc58", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0f6b96c1-1457-5a1f-94b2-6cf0b715e40a", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8c1362ee-2943-5a41-b079-0fb1fcdd1771", "id": "CVE-2025-41242", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41242 is a false positive for org.springframework:spring-beans 3.1.1.RELEASE-tuxcare.1." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ae4a8d88-de66-5a93-8f22-64741b54cec3", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8fd8ae8a-18ff-5b69-893f-eed8f47cbbcb", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b87cb54c-2a03-5af7-ad61-68c7125b654a", "id": "CVE-2026-22740", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-22740 does not affect version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-beans. CVE-2026-22740 is a WebFlux-specific vulnerability (reactive multipart temp-file cleanup in org.springframework.http.codec.multipart.MultipartHttpMessageReader / PartGenerator). Spring Framework 3.1.1.RELEASE predates WebFlux entirely - the org.springframework.http.codec package does not exist in this version, and there is no reactive multipart code path. Per NVD, affected versions are 5.3.x, 6.1.x, 6.2.x, 7.0.x only; Spring 3.x is not in the affected range." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:66760594-ec7b-575c-955a-1303512e835e", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1c808a83-6cea-56c4-876b-83e9d4b88b20", "id": "CVE-2026-41842", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41842 does not affect version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-beans. not_affected \u2014 Spring Framework 3.1.1 is NOT affected by CVE-2026-41842. The vulnerability exists in content-based version strategies for static resource handling, a feature introduced in Spring Framework 4.1 (2014). Spring 3.1.1 (2011) predates this feature and contains no version removal logic in resource handling." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0c2214c9-35bf-5830-8e7f-8e74fce4a8ad", "id": "CVE-2026-41843", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41843 does not affect version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-beans. not_affected \u2014 Spring Framework 3.1.1.RELEASE is not affected by CVE-2026-41843. The vulnerability requires the content-based version strategy feature (VersionResourceResolver, AbstractVersionStrategy, etc.) which was introduced in Spring Framework 4.1+. This feature does not exist in version 3.1.1, making the attack chain impossible." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:849060e4-75ac-54f8-92a7-65ac3b5c043e", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e0858bfd-912d-5c49-9e9b-a7b5e7896de2", "id": "CVE-2026-41845", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41845 does not affect version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-beans. not_affected \u2014 Spring Framework 3.1.1.RELEASE (2012) predates the ECMAScript 6 specification (2015) that introduced template literal syntax. While the code lacks escaping for backtick (`) and dollar sign ($) characters in JavaScriptUtils.javaScriptEscape(), these unescaped characters cannot lead to arbitrary JavaScript code execution in the pre-ES6 JavaScript environment this version was designed for. The att..." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:bb51e43b-5fd6-5142-8936-20306ff415ba", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e1391818-71d3-5737-ada6-3233d98961f3", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8528f06e-43dc-5509-b0d0-9677b90e10ec", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6bcd0d74-ff81-53af-a250-16a366acb3fe", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:af472c05-a63d-5c03-9699-6d7acb23013a", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e4661add-ea5f-5e62-8715-da7785556343", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:26a9848a-4662-5860-b5e2-2845e438da44", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0571c8dc-9516-5a30-b3c5-30bb07a9b8bb", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@3.1.1.RELEASE-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-beans@3.1.1.RELEASE-tuxcare.1" } ] }