{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:1e89d092-35ab-51b5-aed4-4266b628abfe", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-beans@4.1.7.RELEASE-tuxcare.4", "type": "library", "group": "org.springframework", "name": "spring-beans", "version": "4.1.7.RELEASE-tuxcare.4", "purl": "pkg:maven/org.springframework/spring-beans@4.1.7.RELEASE-tuxcare.4" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:393bdceb-0e00-53c1-975d-5ac11db50913", "id": "CVE-2015-5211", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2015-5211 is fixed in version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:dd47a8c6-0a9f-51e5-bea9-cfbc013a0598", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:db382308-d42e-5ce3-a9c1-683bbf4a16b6", "id": "CVE-2016-5007", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2016-5007 is fixed in version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:283660ab-183a-5cb9-b0ad-4424da08942a", "id": "CVE-2018-11039", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-11039 is fixed in version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:3cd6db5c-6fd4-5daa-8851-f2a75ab69271", "id": "CVE-2018-11040", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-11040 is fixed in version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a64f3ec0-37fd-5c88-b7e3-9fee11d9ab49", "id": "CVE-2018-1257", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1257 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:96137a3e-859c-5f0e-afb6-d2744af33c50", "id": "CVE-2018-1270", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1270 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:cc8a1de5-bf60-543a-9d7a-07986f17375a", "id": "CVE-2018-1271", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-1271 is fixed in version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:fda364cd-c701-53c2-9854-c735ae208447", "id": "CVE-2018-1272", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-1272 is fixed in version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:5a4698dc-079d-5c3d-a1be-cd264eb500c6", "id": "CVE-2018-1275", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1275 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:170a69d0-d298-58da-b9cc-f660502d3231", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:3aeca292-42c0-51ad-9f72-3512b7a43c46", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:286b50ec-0c9f-5964-92ab-2751a29d1c94", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:8d54d013-1dd4-5976-a8d2-4a1815a69522", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c818ac9d-7f51-5262-a35c-b74f2591d9d0", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e06b09b0-7bd6-581b-8895-42470ba035b4", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c457d44c-c34e-5ad0-906b-9f986de23124", "id": "CVE-2022-22970", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22970 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e45456d5-17a9-51ad-88c5-4dfd0fa83c39", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:27013d0b-38f6-5c72-bd85-42c464a3b6ce", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:f7470aea-d668-510e-be92-840f28d068fe", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:837269e9-5704-51d6-bbea-b54245b1128f", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:44dc6ccd-9fb1-56bf-81af-d4b781d10c91", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c95c9f44-f6c8-5f2c-8a83-7955313bd244", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:69db2029-782f-5809-a720-40b8af2897b1", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:8b3a157e-1df7-59ea-b7d1-4b4308c2b92d", "id": "CVE-2024-38809", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38809 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:5ce5553d-9b3a-5919-a1d5-f480547d3bff", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:afa638d2-33c9-59d2-8bc9-25ecbd61e9fd", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:5d3ca64a-5207-5524-ab8f-b9c45a1bb92c", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:957b7fbb-9060-5a99-a9cd-b0700b94bb7d", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c5a8ee03-83a7-5517-ac19-870a66a84377", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:8e216c71-5bae-549f-a415-79d9a813f05d", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:836248da-f998-54d8-9021-383b9b6e4db1", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:2778bfc0-a8cd-5875-a6c0-b9fac6a8c879", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:48b3d405-0d51-572e-8353-eba14d3b5241", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a53d8b7a-9fba-5c88-b891-a5c1b5903731", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:de25a270-c02c-57a1-bfcb-a46d31175903", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:76237e0d-200f-53c4-8fdd-717d45769188", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:12c23461-383e-5e04-8d2b-6f1738af7715", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b409083e-33a3-5155-9199-6f2ce645a3c1", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b3263cdb-e901-5737-8b10-247b7e6083f9", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:eafec1b0-fc34-5677-9598-331b1e47221e", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:88cc90c4-be9a-5f06-84b0-e0c3a133e881", "id": "CVE-2026-41852", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41852 does not affect version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-beans. not_affected \u2014 Spring Framework 4.1.7.RELEASE is not affected by CVE-2026-41852. The vulnerability requires record-style property accessor support (empty-prefix method lookup), which was introduced in Spring 5.2+ and does not exist in version 4.1.7. While this version lacks void return type validation for getter methods, it cannot invoke arbitrary zero-argument methods as described in the CVE." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:718a6190-35dd-5bdf-a485-fa9a19c8d93b", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:9095cf5f-be56-5e3b-8cf9-892f84594deb", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.1.7.RELEASE-tuxcare.4" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-beans@4.1.7.RELEASE-tuxcare.4" } ] }