{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:7af5297f-ce29-5bd3-9908-c1ea8b46c03f", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.3", "type": "library", "group": "org.springframework", "name": "spring-context", "version": "4.1.7.RELEASE-tuxcare.3", "purl": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:b79982ff-4774-5002-82f2-0116784cc9cb", "id": "CVE-2015-5211", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2015-5211 is fixed in version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c3541923-0f59-52a4-87da-2d201db25b04", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f2a77559-3787-54db-8ae1-855f8389b35a", "id": "CVE-2016-5007", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2016-5007 is fixed in version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9bb3f35f-410d-5104-bd85-b49a3ba014bb", "id": "CVE-2018-11039", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-11039 is fixed in version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:cda3613f-3850-5dbe-b7c0-01d2451f96ad", "id": "CVE-2018-11040", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-11040 is fixed in version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:eeb77a42-56a8-5832-83e1-868dcfc18698", "id": "CVE-2018-1257", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1257 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:7b6c6558-bb2e-59b8-b5f6-be51dde62244", "id": "CVE-2018-1270", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1270 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9e7bf1b8-e225-59a0-86db-714ad7f0a586", "id": "CVE-2018-1271", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-1271 is fixed in version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:bd356417-3a39-56a4-b16c-2ca244e1bb3c", "id": "CVE-2018-1272", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-1272 is fixed in version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:7945a49c-f0f0-553f-a2ff-67513179c076", "id": "CVE-2018-1275", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1275 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f63ef551-abe2-5223-b970-d786b6d33ea6", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f6f0b69c-cfd0-591a-a3b5-3914a7dd6511", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:72f5648c-ab0e-52f1-a7c8-93967f373bfb", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:bf2ec3b1-d98f-560d-b2f4-bf6284fb9d81", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:eb420d38-8ca0-5472-ae77-036ef1f939a3", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1284e7bf-b2b7-5944-b1bd-b186158afbea", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:32ee2205-7945-5323-b114-a1a43590fd8f", "id": "CVE-2022-22970", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22970 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:7182ef83-9324-53f7-8a7e-997df6712823", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:340d9947-c4ab-5d28-8d41-7de5754fadd2", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:65dd8160-1375-5f92-b217-756193cfd0c4", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b571a434-5743-5011-8289-5c0508b0527f", "id": "CVE-2024-22243", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22243 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a1a987a2-3046-50e6-80e7-958d4dcedcd4", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e546583a-a8e6-5858-aeee-f2f8ef4d2b1a", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:7a81f836-ab56-530d-b70e-8138599b30df", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a43d5624-a10a-5930-a240-ca7706eee850", "id": "CVE-2024-38809", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38809 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:547d1148-52b3-57c2-84a4-8266d777ee3d", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:120b7a86-d25d-5b9b-a313-3ced1e88d40b", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f3b7d9b8-77bd-59f0-a67f-5a4c98794f3c", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:20644757-d556-55b5-97e5-f602c8067e4f", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:55c81f98-7617-5349-bd0c-e2ff8ed6cb8d", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4c803069-0f3d-5ce1-8d8f-7d6e36aefc7f", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2bf7bba3-c054-53e0-8575-671df4ce9e9e", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ca3c9be5-5cda-5c9c-b17f-0183cb1bf6dc", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1afd2c53-4b57-5c94-950a-aa8b9ecd0c80", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f58a4b13-1c8b-52a4-8369-f12d6208bf0c", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b1cd3057-4890-5541-a21e-71aeeeb89505", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:33bcb52a-1d19-5f16-ab58-d3ccae3114d5", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:00c8f4b1-4853-5c51-91b9-acfa0efdfb88", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:60141176-14dd-524b-b355-846a89a98316", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e15ed3d5-0f63-5ecc-86ed-7ccc65390db7", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:888e5188-ca52-5cbb-bc9d-8150285d1a5c", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:cfe68b5b-3b65-5060-99c9-0203315a0754", "id": "CVE-2026-41852", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41852 does not affect version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-context. not_affected \u2014 Spring Framework 4.1.7.RELEASE is not affected by CVE-2026-41852. The vulnerability requires record-style property accessor support (empty-prefix method lookup), which was introduced in Spring 5.2+ and does not exist in version 4.1.7. While this version lacks void return type validation for getter methods, it cannot invoke arbitrary zero-argument methods as described in the CVE." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:bf85462f-7cc7-57ba-8362-f341bd96cf8d", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:7f35ffd0-d00b-582f-8e9f-6f7e9e980c6f", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.3" } ] }