{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:8eb37080-55cd-5646-b30c-f42da3c0f71b", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-instrument-tomcat@3.1.1.RELEASE-tuxcare.1", "type": "library", "group": "org.springframework", "name": "spring-instrument-tomcat", "version": "3.1.1.RELEASE-tuxcare.1", "purl": "pkg:maven/org.springframework/spring-instrument-tomcat@3.1.1.RELEASE-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:f257658d-49a9-5426-b041-2df056cacb13", "id": "CVE-2013-4152", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2013-4152 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:becc0d7e-9cd9-54af-9927-32c1c8b43662", "id": "CVE-2013-6429", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2013-6429 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2d2a9212-26fa-59fd-8c26-b26d885a17b4", "id": "CVE-2013-6430", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2013-6430 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f8eeae3f-adc1-5381-bcfc-e6d549a88992", "id": "CVE-2013-7315", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-7315 affects version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:efb16730-f675-57e6-8d69-62dd3e76c26d", "id": "CVE-2014-0054", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-0054 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d84d7cf6-4fa1-536a-ad14-46e558c7cb6a", "id": "CVE-2014-0225", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-0225 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:cf75d7cb-6b63-5cab-b08c-8520121b3777", "id": "CVE-2014-1904", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-1904 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:be24828b-3d7d-5159-828b-bc2652cadb37", "id": "CVE-2014-3578", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-3578 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:dafb9edb-e256-5cac-8877-e683af1ce20a", "id": "CVE-2014-3625", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-3625 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4b2c7ea8-2e97-5297-8dbf-2cb5a7d607cc", "id": "CVE-2015-3192", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2015-3192 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:699ef9e4-7416-52ed-9ef9-3ec972537a3e", "id": "CVE-2015-5211", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2015-5211 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b995f9ec-8580-5462-ad18-1f953e986a3d", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e1f8bc1c-126f-5c40-b2dd-44a8f9c35fa7", "id": "CVE-2016-5007", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-5007 affects version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5ccc7331-ec09-5aa3-ad35-4f703920a9b5", "id": "CVE-2016-9878", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2016-9878 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f8a086fb-70fd-5cc1-890f-8642499a2dfc", "id": "CVE-2018-11039", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-11039 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:dc84ca93-7a35-50ed-bcc5-341bbc83784d", "id": "CVE-2018-11040", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2018-11040 is a false positive for org.springframework:spring-instrument-tomcat 3.1.1.RELEASE-tuxcare.1." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:08366e83-817f-5134-a6cc-b2d255fd28ca", "id": "CVE-2018-1257", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2018-1257 is a false positive for org.springframework:spring-instrument-tomcat 3.1.1.RELEASE-tuxcare.1." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a2c8e5f4-43ec-5e62-ac76-311868083380", "id": "CVE-2018-1270", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2018-1270 is a false positive for org.springframework:spring-instrument-tomcat 3.1.1.RELEASE-tuxcare.1." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c37f29ee-0bd7-5689-b4a5-0f3218421dbb", "id": "CVE-2018-1271", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-1271 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4f63ccd3-59e8-5cd6-9ef5-3556b02aba58", "id": "CVE-2018-1272", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-1272 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:978ca901-15d7-559f-8a58-ae5ea6d4496e", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:df778186-f595-5680-b1ad-9cf26e1f3103", "id": "CVE-2021-22060", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22060 affects version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a2862f89-4695-5aa4-bd9d-95ad1158bce1", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b94104e5-d4fc-5142-9db7-fe6aa858f706", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1ceccc76-0da5-5981-988a-6ef2ec0ca24a", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c1f51ed1-5761-5e06-bc76-6ae49e1a17c2", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:66773407-54eb-5ba2-8721-cf0bafb7d55c", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2d0333a4-5067-5146-b854-f66de87f2955", "id": "CVE-2022-22970", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22970 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2084ac7c-f8a7-51d3-b2ca-8b7ce6d9d318", "id": "CVE-2023-20861", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20861 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3615ec52-9653-56c2-a774-ed02caa2450d", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ac51a40d-7a3f-56b2-b22f-698c85c7e3f3", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3d77deb6-3bfc-58f0-b870-0a4dd504f45a", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:90398d08-dadf-5310-8877-b72282dc5b99", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:949de215-fba0-5532-a09c-67bb1389ae33", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:dfcf31a5-6eba-566d-83a4-3fd70fb5fdb5", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:068a70ff-69eb-54fd-906c-2934082250a3", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6e107633-cadf-5346-9de0-b58ca427305b", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2cb58029-7604-5598-b2f8-483f722c3ad6", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:cbd0bb62-f958-5a54-9ff9-f7b82c263907", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b5a158fe-d451-5f08-9146-2bf70a2772f7", "id": "CVE-2025-41242", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41242 is a false positive for org.springframework:spring-instrument-tomcat 3.1.1.RELEASE-tuxcare.1." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:be2d9bd5-c19b-5318-9ce2-6dba54ac377b", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:25a1a542-e437-5530-9a21-e918ac9e9b4f", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:93627e5c-86d6-554e-9771-d3b98e39526c", "id": "CVE-2026-22740", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-22740 does not affect version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-instrument-tomcat. CVE-2026-22740 is a WebFlux-specific vulnerability (reactive multipart temp-file cleanup in org.springframework.http.codec.multipart.MultipartHttpMessageReader / PartGenerator). Spring Framework 3.1.1.RELEASE predates WebFlux entirely - the org.springframework.http.codec package does not exist in this version, and there is no reactive multipart code path. Per NVD, affected versions are 5.3.x, 6.1.x, 6.2.x, 7.0.x only; Spring 3.x is not in the affected range." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:11de7a5c-9c0a-53b5-92fc-0d22f578663a", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:11a1501c-f8cc-5dce-8121-357c37e8fbc8", "id": "CVE-2026-41842", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41842 does not affect version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-instrument-tomcat. not_affected \u2014 Spring Framework 3.1.1 is NOT affected by CVE-2026-41842. The vulnerability exists in content-based version strategies for static resource handling, a feature introduced in Spring Framework 4.1 (2014). Spring 3.1.1 (2011) predates this feature and contains no version removal logic in resource handling." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:058a9241-5f10-54a5-875a-fff093f22a88", "id": "CVE-2026-41843", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41843 does not affect version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-instrument-tomcat. not_affected \u2014 Spring Framework 3.1.1.RELEASE is not affected by CVE-2026-41843. The vulnerability requires the content-based version strategy feature (VersionResourceResolver, AbstractVersionStrategy, etc.) which was introduced in Spring Framework 4.1+. This feature does not exist in version 3.1.1, making the attack chain impossible." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:221beed3-aec5-50c5-a436-d76c1d7564ae", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0c42b36b-ed8b-53d7-a843-d9b05a209051", "id": "CVE-2026-41845", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41845 does not affect version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-instrument-tomcat. not_affected \u2014 Spring Framework 3.1.1.RELEASE (2012) predates the ECMAScript 6 specification (2015) that introduced template literal syntax. While the code lacks escaping for backtick (`) and dollar sign ($) characters in JavaScriptUtils.javaScriptEscape(), these unescaped characters cannot lead to arbitrary JavaScript code execution in the pre-ES6 JavaScript environment this version was designed for. The att..." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6b742955-3e06-59ae-b9a5-26cd8d6b8119", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c66121b2-943b-5174-9aa1-156a4da4dfbc", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:dfb2d8a3-c4cf-5b38-8e74-b66a6abda66f", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:74d7a6cf-8b4a-53f5-a15a-8f5b409b5ee6", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a9634a92-0d1a-5fd0-886c-b3f6d1e8e91f", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:678df074-7996-51a0-a602-def9a022dbe3", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4f12487e-4846-5ed3-93a5-eebfd67e047f", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:40a82f4a-8841-5f69-bc24-d657803c76a7", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@3.1.1.RELEASE-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@3.1.1.RELEASE-tuxcare.1" } ] }