{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:db6ddae7-e5d6-5cad-8fdd-4436e59e76b3", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-framework-bom@4.1.7.RELEASE-tuxcare.3", "type": "library", "group": "org.springframework", "name": "spring-framework-bom", "version": "4.1.7.RELEASE-tuxcare.3", "purl": "pkg:maven/org.springframework/spring-framework-bom@4.1.7.RELEASE-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:0224e1f0-f37e-5c86-88de-1c4dfb44381c", "id": "CVE-2015-5211", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2015-5211 is fixed in version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:0a49e0b3-ba7a-5538-b0ee-af4a0657d283", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f9bcbe9d-84ff-581f-b267-eb231c003439", "id": "CVE-2016-5007", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2016-5007 is fixed in version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8706aa36-0383-5ba8-8f72-7026e83131ec", "id": "CVE-2018-11039", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-11039 is fixed in version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:df5531d7-e0f9-5c5d-a8ce-aa0919fb84bf", "id": "CVE-2018-11040", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-11040 is fixed in version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:846b3107-04fd-55e2-b3b0-1302f68fbffb", "id": "CVE-2018-1257", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1257 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a050cf6c-6725-5fbf-96e7-bb58dd1e256d", "id": "CVE-2018-1270", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1270 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3931f488-0471-55df-aa43-b0b234bc990d", "id": "CVE-2018-1271", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-1271 is fixed in version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:116da162-57b1-5666-ab19-727f2c849695", "id": "CVE-2018-1272", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-1272 is fixed in version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:dfda3fb5-28a5-53e1-823a-b87bcb0febb2", "id": "CVE-2018-1275", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1275 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:20931e24-e1a4-5bcc-8d23-14372bb16efe", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:001a1db1-7aca-5cae-a8bb-91d1cdbe641f", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:42b29612-d12a-58d9-a6bd-ec2eab14937c", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:011a7446-8217-5520-a3a6-9eeffb97aba3", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:71c730eb-a87c-56f8-9bfd-96bf0b092d4d", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:efc128bb-2a88-571a-aac2-ca102f7744b3", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9be37c1a-74cc-5373-beca-3e85a19bc1a4", "id": "CVE-2022-22970", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22970 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:fc72a812-0a28-53c8-84a5-e0a17f56bee1", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c7a8705a-1f16-500b-8e97-acab838bbca6", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:63e4ce45-c5fe-5279-b0df-d1a0ac20fe77", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:330680a6-12de-5a09-85e2-75e43d968c9c", "id": "CVE-2024-22243", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22243 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c17455d6-b44e-5b19-902e-f9e19d70bd5f", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9265a553-a3c5-52f0-92d7-64a84fad3a24", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ca30378e-252d-5eaa-acfc-91ea4fc3f718", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:0d7ee116-5187-518e-80a9-08c5cd93d6d9", "id": "CVE-2024-38809", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38809 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a22a5c49-3b6b-597f-ac4b-4c3b3b8e8cf1", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4d68c96b-b33a-5dc3-956e-55ae104eb086", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:22112331-c4d5-5387-a587-3a7392e9a54e", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:0ff9ff8d-ad19-541e-9778-2750d28fce84", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4da003d2-f69e-5023-8aea-24716a37ec60", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:122c73b0-21d8-5fc3-b316-07cac32f8002", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:526afc09-06d2-5456-bbfc-d9302ca41f64", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3c7794d9-c1de-5c54-9836-c4d269988636", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:eb9b5936-8ee5-58c8-a610-6273c12f7912", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:be1fefe8-27ef-5446-bfed-a4899c7df0aa", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a87c2e32-eca5-55ea-a429-75887ee397ac", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1eeaef1b-696a-59db-bfb8-87c1c5db7eeb", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d5e36632-aa23-50a8-a0f7-7641fd208279", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1aa8e536-c759-5ac3-905c-ad07b17cb5cc", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:96cb1f3d-a31f-5df9-8969-7ca30e824169", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f9e8510d-b7e0-5c35-875e-72ec0e148aad", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:867f899f-c0ed-5f6f-a770-a9a1c9b20137", "id": "CVE-2026-41852", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41852 does not affect version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom. not_affected \u2014 Spring Framework 4.1.7.RELEASE is not affected by CVE-2026-41852. The vulnerability requires record-style property accessor support (empty-prefix method lookup), which was introduced in Spring 5.2+ and does not exist in version 4.1.7. While this version lacks void return type validation for getter methods, it cannot invoke arbitrary zero-argument methods as described in the CVE." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:cd0aba57-fd79-5d1c-9e08-f5ce76c3171d", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e02179fe-1160-5e8b-9240-943660377d2f", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.1.7.RELEASE-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@4.1.7.RELEASE-tuxcare.3" } ] }