{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:86c7078d-6747-59fc-a86f-d9fbcef3963c", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-context-support@4.1.7.RELEASE-tuxcare.4", "type": "library", "group": "org.springframework", "name": "spring-context-support", "version": "4.1.7.RELEASE-tuxcare.4", "purl": "pkg:maven/org.springframework/spring-context-support@4.1.7.RELEASE-tuxcare.4" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:ed1f303b-35f8-59e3-8075-f8351093d22c", "id": "CVE-2015-5211", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2015-5211 is fixed in version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d5bb908f-2b2b-5092-8485-206274123b03", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a4c4af8e-cb6b-5461-878a-879c960703b2", "id": "CVE-2016-5007", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2016-5007 is fixed in version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:524b9983-80f0-505d-902b-48bc4fc20dd3", "id": "CVE-2018-11039", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-11039 is fixed in version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:1504698f-abf2-52ee-b08f-c1a245279d3d", "id": "CVE-2018-11040", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-11040 is fixed in version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:84dc1bec-4000-5d65-ba02-6eb91d45885f", "id": "CVE-2018-1257", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1257 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d0611bc0-d27d-5ab7-8689-f3a4411f34ee", "id": "CVE-2018-1270", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1270 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:96e90e79-8773-5875-b69f-6baa7bf2f760", "id": "CVE-2018-1271", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-1271 is fixed in version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a1013c86-6b71-5c51-96bd-85af28c6269b", "id": "CVE-2018-1272", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-1272 is fixed in version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e2970c40-b8bf-56c8-8dad-02bb0dedfd6d", "id": "CVE-2018-1275", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1275 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:7dc78148-a2d5-5d61-9edf-55a575792280", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a6d73c46-7e4e-5b31-868f-dde100b12ca7", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b239f38c-46a9-53b9-bb12-be69e92f5ff9", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:7ffe492c-888d-56b8-b86d-ace0a1b67a1e", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:f54685cf-fc21-5005-8e6d-49c2735c6bee", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a95bcc0c-7ccc-5752-98d0-f18e19ef2f1d", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c0cf7a39-78ac-5691-9fbb-c67f7d5e8147", "id": "CVE-2022-22970", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22970 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:69dfe03a-6256-517d-a0bd-0301429562e1", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:9e36d0d4-5c49-5c13-aa16-9c1b874b4881", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ca0fdf52-a92e-59fd-9d47-dae1c51fdfe2", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:23e6d714-58c4-5c7c-afde-2c59c1745ea0", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:8600012b-a569-513e-afa0-8b44c16b5616", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:1209250b-b352-5b55-9e11-f776c96f8fa0", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:8d87b9b0-8b88-5a51-af0b-0c986d4df785", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:5f761e67-5e48-5ead-aa27-d598055afa71", "id": "CVE-2024-38809", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38809 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:4b10c13c-0070-5419-bd33-d8c5d5d53f74", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:5344a2e8-1a85-5059-b9ae-7d40abeea858", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:2248323c-ed3a-5b40-8a84-e4142b6e8620", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e63ea986-28a2-5539-9c5e-5cb6bd9ed61d", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:91f9a853-65f1-58a0-967c-50d52a274f44", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:5682eacf-bb15-5be4-aaf3-edf3fa3f2ffb", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:bae04656-4d98-5cad-b3a9-5449bd3318a0", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:40f2cce9-21a4-5bbf-b375-84e93121a19a", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b0ccc619-5c3c-5e88-a455-a98591519530", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b2e1a87d-5542-596a-9af3-5ded39dc24bf", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c4c9c7e1-b5b6-53c5-9dcb-9397f0ecea18", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:4d50db51-bff0-5f74-8dc0-d276e36773c3", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c5def9bf-c394-5957-af82-509948f5ab8e", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e8750f89-8f35-5e1e-be61-a26e1e4790e0", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d667a955-2809-5980-ba48-8f77aaa694a6", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:eb5aa116-1b41-5e50-a336-d92a8e173f9b", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:866cd4a7-a2c1-5a1d-82e3-1321b3d05ca8", "id": "CVE-2026-41852", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41852 does not affect version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-context-support. not_affected \u2014 Spring Framework 4.1.7.RELEASE is not affected by CVE-2026-41852. The vulnerability requires record-style property accessor support (empty-prefix method lookup), which was introduced in Spring 5.2+ and does not exist in version 4.1.7. While this version lacks void return type validation for getter methods, it cannot invoke arbitrary zero-argument methods as described in the CVE." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:53e19678-1543-5f17-8331-ab88f993af22", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c9fd3940-b083-5b61-998c-840c6be3eb6f", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.1.7.RELEASE-tuxcare.4" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-context-support@4.1.7.RELEASE-tuxcare.4" } ] }