{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:be163bd8-eb0f-5f34-8d3b-23a2e3de2952", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-beans@4.1.7.RELEASE-tuxcare.2", "type": "library", "group": "org.springframework", "name": "spring-beans", "version": "4.1.7.RELEASE-tuxcare.2", "purl": "pkg:maven/org.springframework/spring-beans@4.1.7.RELEASE-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:22a8a392-7c8e-5f03-ad4c-5233909a3e7d", "id": "CVE-2015-5211", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2015-5211 is fixed in version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:be416dcc-14f0-53ed-9602-035052406de0", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ccf44673-0f22-51a1-991c-1249cf7c627e", "id": "CVE-2016-5007", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2016-5007 is fixed in version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c25c8d59-1167-5315-ace4-5b5ba7b21515", "id": "CVE-2018-11039", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-11039 is fixed in version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:91bd4d16-d17b-50c7-af0e-4749b64f632e", "id": "CVE-2018-11040", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-11040 is fixed in version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:098e8d7b-c660-5686-9fc3-5b76e7a8bb93", "id": "CVE-2018-1257", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1257 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a7b98c0e-db4c-51e4-8b5a-3d4a31410aab", "id": "CVE-2018-1270", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1270 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:25e9a222-17e4-5bbd-a4d4-547cf876afcc", "id": "CVE-2018-1271", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-1271 is fixed in version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:710ad7f2-80bc-53ae-b5aa-22c81ae66f53", "id": "CVE-2018-1272", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-1272 is fixed in version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4498fc7d-4343-5115-92c2-4b7600fcbbb3", "id": "CVE-2018-1275", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1275 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5c114dc7-c76c-554f-999f-5b5a92aaf1db", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ec804552-c1e3-586b-9c49-32b96f2d8246", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:760e1e09-d5bd-5dec-b177-4a4f1f6b7c8d", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1a741d14-b3a0-5486-bb3d-e93200a4e2cf", "id": "CVE-2022-22950", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22950 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c2ac5acd-6fc6-5e8a-b58b-6dc62bb2b22b", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b4a1314c-50b8-5010-a802-2cefd8af8376", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:31b2eb5f-5e8b-5ef4-acf0-f903116919b0", "id": "CVE-2022-22970", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22970 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:89c1453e-3ec6-56eb-a135-fe166563bc54", "id": "CVE-2022-22971", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22971 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d01a7ade-bfaf-5b58-b164-35243c8d694d", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:27f10a70-946f-5dfa-94c1-b1260cbaa2c1", "id": "CVE-2023-20863", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20863 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6ec63553-c6c6-5982-bcb9-8ca4fe9e71a3", "id": "CVE-2024-22243", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22243 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d74fd7f8-25f8-5690-af19-7bc906cbc02e", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:73bf21fc-5363-5b45-bd2b-492e4e6b1c75", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d0830aba-c7a3-5350-8fe0-eda73b2121ab", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:13f2c617-4031-5825-8de0-04b4499dbd36", "id": "CVE-2024-38809", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38809 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0d0d7a7f-7276-51d1-a64e-b94fe386be60", "id": "CVE-2024-38820", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38820 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:22fdedbb-d9e0-59ab-9403-602bbeccae12", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:27a271d2-3753-5664-b720-a7cd00a3bf33", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2f38c90f-8e66-58e9-9430-40525eb33135", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5594ae52-3242-5050-b127-b6c2568fd0b3", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:65f951e0-ad74-5bc4-9431-1345c54723dd", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:76eeafbd-6798-50f8-9818-9822c1f20b91", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:95de749b-e6bf-52b2-9411-f50552db8087", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:13ec54f9-ccbe-593f-a592-e66f955b7c5a", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c2283d97-a519-57e3-be20-698e057cc222", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a74af104-a542-5ed7-9522-1b13ba0af944", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:642ab10e-948a-5006-8cb5-005833baa59d", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:226c0fd4-5c1d-57c4-823e-bc012b3d7a0f", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:35db43d4-f834-5829-84eb-2a71e4e1370d", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:56e59a0d-24f8-5eb6-914c-4d920271d1bd", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fc52f5c2-8b8b-5a75-9839-bebd00ebc9b8", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2ac34f71-4f9e-5486-81dd-0222b23e47d3", "id": "CVE-2026-41852", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41852 does not affect version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-beans. not_affected \u2014 Spring Framework 4.1.7.RELEASE is not affected by CVE-2026-41852. The vulnerability requires record-style property accessor support (empty-prefix method lookup), which was introduced in Spring 5.2+ and does not exist in version 4.1.7. While this version lacks void return type validation for getter methods, it cannot invoke arbitrary zero-argument methods as described in the CVE." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:81a73f79-a982-5483-9cb5-a0fab99f5e08", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:450fead0-82e7-5a31-a3f0-21ce7370ab1b", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.1.7.RELEASE-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.1.7.RELEASE-tuxcare.2" } ] }