{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:cd5b02e0-ce9c-586b-b1d6-7f9c07fe3175", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.1", "type": "library", "group": "org.springframework", "name": "spring-context", "version": "4.1.7.RELEASE-tuxcare.1", "purl": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:84d315d6-1316-5f07-a49a-c86f7b26db1e", "id": "CVE-2015-5211", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2015-5211 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f61fcc25-7cd2-5170-aa1d-d11ea74680a0", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7fc71d99-b27e-531a-810d-7b321ebcb1f1", "id": "CVE-2016-5007", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-5007 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f4837c37-bfd4-5c28-9eb2-3c417401f713", "id": "CVE-2018-11039", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11039 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5ec4371b-3542-5aaa-84f4-985be05d436f", "id": "CVE-2018-11040", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11040 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:75c0efe9-0b80-5696-a74b-32ca697f9722", "id": "CVE-2018-1257", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1257 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9346f24f-9636-5f2a-9f13-cf33f1e4a773", "id": "CVE-2018-1270", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1270 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:494c0863-efda-5bf4-88fa-48e232ff6bcb", "id": "CVE-2018-1271", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1271 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0f4709fc-1c1b-516e-89ae-d70712d5ce76", "id": "CVE-2018-1272", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1272 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3bc43243-eaf4-5d30-8e12-10571d21fe8a", "id": "CVE-2018-1275", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1275 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:78bfd68c-89c9-5166-ab6e-3bd19f92c44b", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:47fbc007-cdd0-5b08-ae07-5f1ce7139e6e", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e1879140-1630-5fc0-bd46-695d18159b17", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f9147e12-070a-5ad1-9c6c-f87cec107526", "id": "CVE-2022-22950", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22950 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6c02e309-fc61-535d-8678-a0cf947cb47b", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:06615314-a7fd-5de1-9453-40cf93718014", "id": "CVE-2022-22968", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22968 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ad69ce47-e0be-5b70-b1c7-38565873a2eb", "id": "CVE-2022-22970", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22970 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7af54973-b702-5eb4-be73-2da57fa60111", "id": "CVE-2022-22971", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22971 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3ceb685c-8de5-5f67-a604-1391bbd00d0d", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2b3e9c1b-5030-5142-b8fb-fa5c3ecabb07", "id": "CVE-2023-20863", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20863 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fb946a96-cd65-51fd-b6bb-23e246d6ee99", "id": "CVE-2024-22243", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22243 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:868cba9a-7315-5362-a4a7-8ecb9d03dee7", "id": "CVE-2024-22259", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22259 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:68760123-df27-5008-95c3-df300e3422dc", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:15c0ed43-be4e-58c8-9d91-6ec80749282d", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:321dd247-b133-555c-a4c4-6aef29277a0d", "id": "CVE-2024-38809", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38809 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:88924f9b-7f27-571c-8520-e1337956bf4d", "id": "CVE-2024-38820", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38820 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:94d40700-11b9-58df-a0f1-a2cb6baa8a7c", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:12915600-0ed7-5666-82fc-9db48916c879", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8f61fe96-91cd-5119-be12-2c69504cc899", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5cb977b5-73e3-52fe-bd86-315e4ea7713a", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8e08b5d1-6450-5fd6-8604-0a739a403327", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9328bef1-dd88-53ba-87c5-5b7ebbc238a6", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:cd436353-b8a0-5081-9e40-744764492486", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3f4a6e0c-6caf-58fe-abc8-90b44b5c62f7", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:722d8e42-2d50-5406-bc0c-5f6719ddb396", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b399fc35-b2a5-513d-a0e1-dd217901546a", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6b7eda53-3089-595c-8111-885efa05863a", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e05a48fe-3b92-5ec8-9a56-e38dbe8ba98d", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c984dcc9-70e9-5916-8a22-12f322faf85c", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0402fe6e-7b4f-5bcb-847b-cd44e1c3bb73", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:888f675a-5d11-5a5d-b20d-8c11d64de84e", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:393b2cf2-42bd-5422-8a8e-32d3ad01f93b", "id": "CVE-2026-41852", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41852 does not affect version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-context. not_affected \u2014 Spring Framework 4.1.7.RELEASE is not affected by CVE-2026-41852. The vulnerability requires record-style property accessor support (empty-prefix method lookup), which was introduced in Spring 5.2+ and does not exist in version 4.1.7. While this version lacks void return type validation for getter methods, it cannot invoke arbitrary zero-argument methods as described in the CVE." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b30c81ed-cfc4-53c4-974d-bfc1bf0117f8", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8e11de59-74fd-5ed5-a20b-be487ea1bbb4", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.1" } ] }