{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:f8a27bc6-ff1c-596f-9035-f279e8d8a4db", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.2", "type": "library", "group": "org.springframework", "name": "spring-context", "version": "4.1.7.RELEASE-tuxcare.2", "purl": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:0a6f08dd-2614-5b03-8a4d-42d2e3e0397f", "id": "CVE-2015-5211", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2015-5211 is fixed in version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:08857d39-efa6-5fd3-b13e-a95cf0c16854", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:899ecb6f-1048-519c-b158-30e8ad6ca99b", "id": "CVE-2016-5007", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2016-5007 is fixed in version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:60216250-7b95-5be2-ad95-80911b473512", "id": "CVE-2018-11039", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-11039 is fixed in version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:44bf8911-7d9d-5432-98a0-e36a272be72b", "id": "CVE-2018-11040", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-11040 is fixed in version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8846ba88-2e84-517e-9fa4-a075e3c0b775", "id": "CVE-2018-1257", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1257 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fa2e0a24-1ace-5d16-9428-939cdb8e8422", "id": "CVE-2018-1270", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1270 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:96c2ff32-4db2-5889-8e93-403ca11dfd59", "id": "CVE-2018-1271", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-1271 is fixed in version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fbb5bebb-f143-52fb-af74-a3fe6da7fcd8", "id": "CVE-2018-1272", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-1272 is fixed in version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:674f81b8-1690-519b-8885-c7004addacc4", "id": "CVE-2018-1275", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1275 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0ac52fb7-00ab-531c-ad2f-2db80d13804a", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:83099ce1-1b5a-5357-8a07-4f6d2df60aa7", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:aa7263fe-0ca6-5e3c-8830-b513cadceea8", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1d8f0915-b6d8-5549-9491-d4bb6f346f55", "id": "CVE-2022-22950", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22950 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4aabe082-1397-57d0-895d-b61b1742ecb6", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:378c4c11-b9a0-5a11-a4bb-81d04f32294e", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0490dfbb-df10-5f05-a995-fef3296c7b56", "id": "CVE-2022-22970", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22970 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e4db275a-0faf-5b03-836f-f72288154cbd", "id": "CVE-2022-22971", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22971 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a4ccffb6-a66d-5348-8332-c52f6b04aad6", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:99ab2ee5-42e8-509b-819c-494075473c46", "id": "CVE-2023-20863", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20863 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fccc83a5-dccd-5ae3-900e-0b43ee611457", "id": "CVE-2024-22243", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22243 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b06119d7-b57c-55e0-9870-da92a98d0622", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3353ba35-83dd-5890-b60e-2133970ce1ac", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ae435256-dace-5106-a444-37ab91110206", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:43f32692-ecf1-5344-b7d6-ae8dbd087c9a", "id": "CVE-2024-38809", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38809 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1c5490e3-48fe-5986-bea4-4918c6a4e340", "id": "CVE-2024-38820", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38820 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:da4d39bf-9cb3-5c22-98dd-ad79dc3a9326", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5a16b3e2-afcd-5e6f-af86-87481dc78b37", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:581f4929-b24e-57a2-a144-8445c5d8899d", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6c13eeca-7870-5313-8789-458d08355bc0", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:81e6d71f-b232-5839-b639-15ee5e762a43", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f41ae58d-3cc8-5caf-beec-399de48930fa", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:240e1796-f75a-5cf9-b7c2-b52deb142e16", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:28591322-f34e-5a3e-af8a-39b45d95ff82", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:320faa21-a7c4-5d6b-9812-9938bed75d11", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9d599186-903b-59ee-aefe-c13f9dc69d2d", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:179b2d7e-684f-5a24-9065-e8ac0a621c67", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c1cecb4a-b62a-5d58-b9b3-4e320e683d61", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:bbd3a6a3-f179-5f4c-87e5-1ef0e23a4a57", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b557655d-1791-563d-b8dc-382f5a2a369c", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1bcef401-2d53-56e5-8182-8ffe38f73dfe", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0da78038-6853-5337-864f-63300862faec", "id": "CVE-2026-41852", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41852 does not affect version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-context. not_affected \u2014 Spring Framework 4.1.7.RELEASE is not affected by CVE-2026-41852. The vulnerability requires record-style property accessor support (empty-prefix method lookup), which was introduced in Spring 5.2+ and does not exist in version 4.1.7. While this version lacks void return type validation for getter methods, it cannot invoke arbitrary zero-argument methods as described in the CVE." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6f026f15-4438-52c4-ab4a-c3e132412e05", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1ff9c514-2450-5e8a-b7a6-20f70cc1faff", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.2" } ] }