{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:1060a65d-2f92-56d8-af70-41ecbea90c9e", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-beans@4.1.7.RELEASE-tuxcare.1", "type": "library", "group": "org.springframework", "name": "spring-beans", "version": "4.1.7.RELEASE-tuxcare.1", "purl": "pkg:maven/org.springframework/spring-beans@4.1.7.RELEASE-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:458ca187-ab7c-5e8b-8f58-d683754d6457", "id": "CVE-2015-5211", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2015-5211 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:02401c18-a0d2-5a58-8b7f-f98787cb5f01", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:703e5772-b164-50f8-9225-7a73d1fa5be5", "id": "CVE-2016-5007", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-5007 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d3eebef9-1647-5116-822c-aca17659d195", "id": "CVE-2018-11039", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11039 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3a6bf47d-f099-5a4c-acc7-70937b8ac17a", "id": "CVE-2018-11040", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11040 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7c7098cc-ce07-5d50-8dff-c93b75276f9e", "id": "CVE-2018-1257", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1257 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:364d959b-972f-590c-92b9-37d465e6d294", "id": "CVE-2018-1270", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1270 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3164e25c-e19c-55ae-80a1-18e70739c353", "id": "CVE-2018-1271", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1271 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8a0b193e-a568-5cb3-89eb-a30ef58846e5", "id": "CVE-2018-1272", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1272 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:16d43353-8a1b-5614-9315-58e8b4c98a9a", "id": "CVE-2018-1275", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1275 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7f078903-94fa-5e70-9e33-b9006aa5b5b8", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:95baaeaa-0132-5803-9d39-d1d807bece42", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f599b6b9-1e0b-5535-b0e1-7ade61843a14", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:84981d64-19e1-50cb-a255-c16232c7e912", "id": "CVE-2022-22950", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22950 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:426ac3e3-4195-59d2-bd76-89e015a3dae7", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e8e3c501-878b-552f-b602-fb3fefff2b88", "id": "CVE-2022-22968", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22968 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:59f6753b-b19a-500c-ad68-6c6c86a30df2", "id": "CVE-2022-22970", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22970 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0fcb8ace-5078-58d8-9c90-8a0cdda9575f", "id": "CVE-2022-22971", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22971 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f47fc6ed-503a-50e6-80ea-e0d98e81790d", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9563509e-61f6-5b9c-a227-b16dcae69cbf", "id": "CVE-2023-20863", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20863 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:68abee95-957a-5644-aced-a8db8a9fc786", "id": "CVE-2024-22243", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22243 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c811b0cc-a8b4-5025-a585-d613ef44d879", "id": "CVE-2024-22259", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22259 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c3b2a2d2-a11d-51ab-95a7-4d0e2738965e", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ff6e848d-3255-5fa2-a22f-bbf7ebd7a6d5", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f42fda50-1691-536d-ad7c-95923dd9fb85", "id": "CVE-2024-38809", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38809 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7bcbfeb6-262a-566b-9f82-736ac5e57ef9", "id": "CVE-2024-38820", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38820 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f0c8434e-61aa-5015-a304-7c18628da0b0", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c466972d-f18c-50b5-ae71-5b594e66cef6", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:73a45c1f-f803-554d-8172-2b140e480a34", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:658c8e24-6fd8-5782-a5ac-e8006bab9f64", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a1c5aa97-3ec3-538d-a2ea-df225c502580", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d0f3a5e5-50e8-55c4-a42a-7642cd635f55", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c70b314c-5a27-521b-83e1-c9d50f474ac3", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:280ca78d-3595-5cce-932b-95479bdb5167", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2b7bb3b7-a6a4-5385-9885-aadc7f12f374", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0f70866c-f1fe-5d0a-a85a-3db627bc875d", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0c499f5f-475b-50dd-b091-80536b1c7b28", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f2857eec-a6b5-5805-b2ea-ee7daee20d58", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7bd7d1f3-d746-5e06-b4f2-26e40ddce6ff", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6431390c-09d3-5f35-bee8-19398d3229e7", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2e04b6f9-bed6-5271-b5ba-8479758b1e1f", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9ecae468-41c0-56ec-b61d-2d0ac5ac0789", "id": "CVE-2026-41852", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41852 does not affect version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-beans. not_affected \u2014 Spring Framework 4.1.7.RELEASE is not affected by CVE-2026-41852. The vulnerability requires record-style property accessor support (empty-prefix method lookup), which was introduced in Spring 5.2+ and does not exist in version 4.1.7. While this version lacks void return type validation for getter methods, it cannot invoke arbitrary zero-argument methods as described in the CVE." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b4680539-3f75-54c3-8fd6-5592655027fc", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2646a1c1-2a3a-5f4c-8234-fd14feab0df3", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.1.7.RELEASE-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.1.7.RELEASE-tuxcare.1" } ] }