{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:faf3df84-6898-5376-92ae-1821dbb35c29", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.4", "type": "library", "group": "org.springframework", "name": "spring-context", "version": "4.1.7.RELEASE-tuxcare.4", "purl": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.4" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:2743491b-3907-5006-ad11-2ba5bc1b2b95", "id": "CVE-2015-5211", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2015-5211 is fixed in version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:03fa41bd-cef8-57a1-80a3-7244837535dc", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:44433091-984a-5b4d-9775-a44869f19874", "id": "CVE-2016-5007", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2016-5007 is fixed in version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:09014466-8cb3-55a8-977b-37c88cdb8284", "id": "CVE-2018-11039", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-11039 is fixed in version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:515fd8b9-1c03-5ac8-8649-09ad1612f30f", "id": "CVE-2018-11040", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-11040 is fixed in version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:2e4bdaf9-08a9-5993-b3bc-66cb51f0c751", "id": "CVE-2018-1257", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1257 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:3d3a768f-deab-5737-8cf9-2e491d9089e9", "id": "CVE-2018-1270", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1270 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:10251b67-9b0a-518e-8953-1247449b2163", "id": "CVE-2018-1271", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-1271 is fixed in version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:8534276d-05db-5172-a149-2f0ae82fe827", "id": "CVE-2018-1272", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-1272 is fixed in version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:f37db918-d93c-53a3-9af1-88980b09ea53", "id": "CVE-2018-1275", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1275 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:7e709e16-a259-52ff-81c6-047b3e9c2adb", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:1e3d6057-8fb8-5aa2-8b7c-3e8fdf803bea", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:03fa006f-1d08-5f8d-b63a-c371d7db3cbc", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d68e565e-5e45-523c-8607-596a71760c04", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:9237c232-bd4d-5711-adab-1f4c5dcdd864", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:930f3295-7ff0-548e-9571-0595fc318c43", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:51a00079-943d-59ef-88eb-5335b8ce99fc", "id": "CVE-2022-22970", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22970 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:94f88a3c-8823-579c-a5f2-0d919ee3c68f", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:be915300-2321-53fd-964a-325a51f745b3", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:7dee2328-ac28-541a-b997-3094e6f059f7", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:08606453-c913-5be2-943d-0d613db8d773", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a2c40811-e2ea-568e-b810-0781833d8f49", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:2cce72eb-a599-529d-b52c-f5dec1e9a087", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:01b5c211-d5f2-5097-ae74-9bc4db6ad32c", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c74a9d2b-2cf9-535b-8042-fdf046544955", "id": "CVE-2024-38809", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38809 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e5e01e4b-a8ea-55d0-a0c6-45c63a36607d", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:14dcfdbb-e4c8-58fb-92f7-c45e0dd53ab5", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:807cba8f-0bbf-51f3-bfb5-06ac0a85ecd4", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:9c77d41b-2c19-5d4f-b740-8946fd0da438", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:2971b763-48e6-5849-a8ad-a9b59d8c5f39", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:625307f0-45e9-5e5f-ac26-c3c21c655671", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:25ca8af5-d173-5691-b399-23e57e6e7ca4", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:96754a99-c211-53ed-93d0-d994389e16b3", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:0970cad7-f40d-527f-af94-cbbf04702d2b", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:40a80c4b-0f0d-5e3e-947b-7806bd767d4d", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:890857a7-3564-5058-8050-4f157dc2770e", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:20ede76e-fd66-53ad-a0f8-59c52da0f891", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:5ba4468a-4b7a-5543-a2b4-da17c7bac288", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:164316d3-2957-57a4-8f86-fe04f1e981c3", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:0419587f-5e16-5a60-9431-e152ad77ce28", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:83f44e7d-249d-5057-9769-8479dc7362f1", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a04478b9-9751-5e8e-a075-a64194c432fc", "id": "CVE-2026-41852", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41852 does not affect version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-context. not_affected \u2014 Spring Framework 4.1.7.RELEASE is not affected by CVE-2026-41852. The vulnerability requires record-style property accessor support (empty-prefix method lookup), which was introduced in Spring 5.2+ and does not exist in version 4.1.7. While this version lacks void return type validation for getter methods, it cannot invoke arbitrary zero-argument methods as described in the CVE." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:84b7b9f5-12d6-5924-b5a4-2f2d53ae5914", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:4f1a9c12-de94-546b-95e7-5bde794bbe28", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.4" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-context@4.1.7.RELEASE-tuxcare.4" } ] }