{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:54ad363c-432b-5376-bbc7-861d6c01c73d", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-framework-bom@4.1.7.RELEASE-tuxcare.1", "type": "library", "group": "org.springframework", "name": "spring-framework-bom", "version": "4.1.7.RELEASE-tuxcare.1", "purl": "pkg:maven/org.springframework/spring-framework-bom@4.1.7.RELEASE-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:42a582c0-c3bb-5b69-9b20-3b131f32758f", "id": "CVE-2015-5211", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2015-5211 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:11047e0d-4544-578d-90f6-da76ae327453", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e40c2f74-320e-56ff-9667-d0cdc4eedafc", "id": "CVE-2016-5007", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-5007 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c8c1f483-885f-5444-892e-fabd05fb07d2", "id": "CVE-2018-11039", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11039 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6edf680e-e6c7-5a5c-94c0-296d9331f8eb", "id": "CVE-2018-11040", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11040 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f02e0a01-fd09-5e06-8de8-7ec62416cdb0", "id": "CVE-2018-1257", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1257 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3eb8a1a7-8c0d-5b38-b45c-b8b2bc22037d", "id": "CVE-2018-1270", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1270 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e3dfdc11-2c00-5a8f-ad2e-cab5fd07782e", "id": "CVE-2018-1271", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1271 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:79654ce1-61e3-5af8-85d2-2814a64b4c37", "id": "CVE-2018-1272", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1272 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:77930b05-5746-5e32-b50e-65de9a755dd5", "id": "CVE-2018-1275", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1275 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:753917cd-b3dd-5e9b-9eb3-dd97e6cbe541", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:69f54060-afb5-5eea-9061-8e3f5a29d497", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b39ef76c-bd01-5715-a4f2-457a20f45ed4", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7b45832a-d3eb-547b-8b22-f04d6f8f14ce", "id": "CVE-2022-22950", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22950 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b7c03c06-f799-51ff-9f7d-7a66ad541a15", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:dee000af-dc2c-5514-8715-d0d47b2a247a", "id": "CVE-2022-22968", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22968 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:62cfc1cd-3dd6-57f6-90cd-3e930b228a10", "id": "CVE-2022-22970", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22970 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:58ac6d78-859f-5d79-98c8-b6ad6c8525d1", "id": "CVE-2022-22971", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22971 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0a6088ac-715d-5b7f-8f98-b3f4d0273bfe", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3f61b895-5812-559b-90dc-69ee020982ef", "id": "CVE-2023-20863", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20863 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b9926276-e00e-51e6-977e-ed79a7c1d37d", "id": "CVE-2024-22243", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22243 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6e5de881-144c-5351-8b0f-ef990555260b", "id": "CVE-2024-22259", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22259 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:bad89ccb-717e-5648-a2ab-79ab3dae846f", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7e57d92e-afae-59f8-a086-b7c5e85fd7b1", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:840a1160-54dd-5f9f-b046-a6cbe372bda1", "id": "CVE-2024-38809", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38809 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9163eac7-d015-5bc9-9cd3-879bcc7724cf", "id": "CVE-2024-38820", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38820 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:dbe94131-7f1c-5033-bd11-cd78b191b553", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8fcadeef-c5db-5347-8056-c50e25325775", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d0a97bb0-c2f0-5da8-b3cb-e55c8a7b6c44", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3d751503-3d38-51bd-8d75-d7e7eeaacb20", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:86c20420-250e-54bc-b4d9-2b189a5fcb10", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4ce21738-61ad-5fd8-93c1-cd4a3574c0b7", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6a3fb24d-c997-52f8-bcd5-1cbf78e95280", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:bd863ef5-07e7-5d94-951e-43be834f61ed", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:43d66eb3-7214-5af0-8b0e-512b1ad988bf", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:43d90f08-af41-5cdb-9f81-32de66f2fc25", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b7eb4231-0db0-56fe-affa-a533e755a27f", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9be34273-4c10-53ef-a05b-c76f2178cff9", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:48ec5423-1447-59cf-9c28-82bf398860c6", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fb384ef6-9acd-5245-98b6-ad3be0c34705", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:536687fd-ebb8-5ebd-a208-02be6b37afc8", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:92bf9fd1-feab-5a9d-9613-85f7f49dff0b", "id": "CVE-2026-41852", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41852 does not affect version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-framework-bom. not_affected \u2014 Spring Framework 4.1.7.RELEASE is not affected by CVE-2026-41852. The vulnerability requires record-style property accessor support (empty-prefix method lookup), which was introduced in Spring 5.2+ and does not exist in version 4.1.7. While this version lacks void return type validation for getter methods, it cannot invoke arbitrary zero-argument methods as described in the CVE." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b2de0270-4d88-5d16-a1ff-976371480900", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:bef1a64f-c741-5dbc-938f-cd70d866bff0", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.1.7.RELEASE-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.1.7.RELEASE-tuxcare.1" } ] }