{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:2e4a867c-c8ae-5e18-a159-1f6dd7413142", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-context-support@4.1.7.RELEASE-tuxcare.3", "type": "library", "group": "org.springframework", "name": "spring-context-support", "version": "4.1.7.RELEASE-tuxcare.3", "purl": "pkg:maven/org.springframework/spring-context-support@4.1.7.RELEASE-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:912741a9-08aa-52cf-a329-be0cec220b28", "id": "CVE-2015-5211", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2015-5211 is fixed in version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1090d9b9-f34f-52e3-b18d-c4b8959d17a4", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:05c43375-8caa-5502-b6ba-87cb59837459", "id": "CVE-2016-5007", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2016-5007 is fixed in version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:38c566a7-7cd9-594d-8cf8-e47a3d0e85f5", "id": "CVE-2018-11039", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-11039 is fixed in version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:12f9196e-81ec-58d8-aef3-8a1c1a3651ca", "id": "CVE-2018-11040", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-11040 is fixed in version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:39f3b13e-c7d1-5af2-859e-1c6f70f539e8", "id": "CVE-2018-1257", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1257 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c3cc1494-d50b-529f-ad33-428132177506", "id": "CVE-2018-1270", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1270 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:14d20754-d39f-5855-bf28-9af821002f28", "id": "CVE-2018-1271", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-1271 is fixed in version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:549b90c1-f761-5225-94c6-a3c1deb09993", "id": "CVE-2018-1272", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-1272 is fixed in version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f8fdb5de-eb06-5e32-b653-8c15d19123ae", "id": "CVE-2018-1275", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1275 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b7e5181b-fc52-50a0-a944-bd22ad7dd3de", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:642f4cf1-bbde-5a4c-9bc9-8e9fa8bd730d", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4431a797-5047-589c-a906-07856f4f253f", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:db929665-fee6-594f-bf33-e07112dfdb15", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:401fd8da-1cec-5656-94c6-83756b663b81", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:37c1ab1d-6d17-5822-836e-80500e291cb9", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8153c59b-d44c-531c-9e40-ec9a2d6780f8", "id": "CVE-2022-22970", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22970 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:363a6e58-6983-5e8a-aaf6-2a7f84e52a63", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5b3fcf1f-dd3a-55b8-a0a1-73e4f6aba4e6", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9fbb58af-60fb-502c-8204-979ee3cfccc3", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ee76350e-463b-5c31-b9ab-f6aa60b04ad7", "id": "CVE-2024-22243", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22243 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c1310ce9-f67d-555c-8bab-db0c365b367b", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:70d4014b-a5b6-5e60-94b2-621a79c15d2c", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:28d9a1e7-332d-5f28-b713-438ad3b1d424", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:50045566-473a-5d4c-bb2a-5e8245226464", "id": "CVE-2024-38809", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38809 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1c39cc6c-d332-54af-8895-cd32c24a9c9f", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2af70506-4164-5e65-ad26-ae9099610902", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2bf0fdd6-9427-5afd-b47f-6181e3880809", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e23d8fec-e509-5573-920f-b1e647f82716", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e3c12e2e-aef8-5456-a53b-fb9240251440", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:bbc6f06b-771a-58b6-b2b0-c7fb6c56069c", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:7aa1e2f5-24f5-57a8-b555-4e54bee57476", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d40914d1-12a7-55db-a276-4281a725d0d9", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3e1fd8b9-625a-5513-9f6c-32d9eccc6e0d", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d7fb910b-358e-5cc4-88cf-1b56b4ed5356", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:675a37b5-31ce-53e1-986a-f8b198af582c", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:fc5abe8a-3211-5d11-8359-291e17b2280b", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:972bb911-26b7-52f8-acd1-110c98a3919a", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:59b45fd6-cad3-5293-bf6d-540e4ee4427f", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5ed018ab-9bc0-5397-81f7-57013b7b0f07", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a02ce177-bdde-521e-be5c-f227d375aee5", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d9f59d5b-6244-5a83-9032-11767585203d", "id": "CVE-2026-41852", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41852 does not affect version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-context-support. not_affected \u2014 Spring Framework 4.1.7.RELEASE is not affected by CVE-2026-41852. The vulnerability requires record-style property accessor support (empty-prefix method lookup), which was introduced in Spring 5.2+ and does not exist in version 4.1.7. While this version lacks void return type validation for getter methods, it cannot invoke arbitrary zero-argument methods as described in the CVE." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c4694bb3-474b-5083-8795-cc29e2cede35", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b16957e1-3e94-5b46-9d82-5d59edcb61ff", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.1.7.RELEASE-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.1.7.RELEASE-tuxcare.3" } ] }