{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:8874a2f5-7c02-5f70-a9c8-f3a4a36ad609", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-instrument-tomcat@3.1.1.RELEASE-tuxcare.2", "type": "library", "group": "org.springframework", "name": "spring-instrument-tomcat", "version": "3.1.1.RELEASE-tuxcare.2", "purl": "pkg:maven/org.springframework/spring-instrument-tomcat@3.1.1.RELEASE-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:025eab2f-316c-518f-9df0-c89c9741c47c", "id": "CVE-2013-4152", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2013-4152 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2f1f64ae-49d3-5376-835d-9047515eb187", "id": "CVE-2013-6429", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2013-6429 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:407cfbc7-7354-558b-a8ab-2c0d518bb45e", "id": "CVE-2013-6430", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2013-6430 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a4ba96ff-4ec0-5d57-bb0a-6e1cb240891e", "id": "CVE-2013-7315", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-7315 affects version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4c723273-66ac-5bff-a2e3-39be660fa4b3", "id": "CVE-2014-0054", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-0054 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3c59ccb1-1533-51e8-841e-c578ffa3274b", "id": "CVE-2014-0225", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-0225 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ea2ef408-b306-5565-bc8a-ddee8b856d44", "id": "CVE-2014-1904", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-1904 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2167fa15-c43d-50c4-bef3-8588a0e708ef", "id": "CVE-2014-3578", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-3578 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:bc47107f-b675-5075-8bb8-9ad9b975fc78", "id": "CVE-2014-3625", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-3625 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:347a5f7d-c04c-54bc-812c-1715737fba5c", "id": "CVE-2015-3192", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2015-3192 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:95e59b9f-94ad-5abf-a6f5-b33e1cacaeef", "id": "CVE-2015-5211", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2015-5211 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ba3f29dd-f90f-5b4d-879e-a9f938dacf34", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:03bd5f4c-07e4-55c4-85ff-5bdaf09773cd", "id": "CVE-2016-5007", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2016-5007 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2d90e85a-430e-5a66-bcce-5e318ab384a0", "id": "CVE-2016-9878", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2016-9878 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6fa39b40-c645-54d2-89c5-61f3c84bc88a", "id": "CVE-2018-11039", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-11039 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:98479c40-4a67-5686-9624-dc73b140e6bc", "id": "CVE-2018-11040", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2018-11040 is a false positive for org.springframework:spring-instrument-tomcat 3.1.1.RELEASE-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2e994f28-a8a3-5758-8ab9-a5affe3563c2", "id": "CVE-2018-1257", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2018-1257 is a false positive for org.springframework:spring-instrument-tomcat 3.1.1.RELEASE-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b187955e-f35e-5755-8c81-3050439d10d4", "id": "CVE-2018-1270", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2018-1270 is a false positive for org.springframework:spring-instrument-tomcat 3.1.1.RELEASE-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c55502a6-eb60-547e-a884-23df9fc86de3", "id": "CVE-2018-1271", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-1271 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:055f7081-0e1e-5a13-8e00-c84e503b4901", "id": "CVE-2018-1272", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-1272 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6d704f55-c968-58f4-a273-911188883126", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fb99d1df-f7f6-5637-848e-83e950a90f06", "id": "CVE-2021-22060", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22060 affects version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:79194002-5a43-5b55-a807-e331c1f5ce3d", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:488f57d1-9b75-5696-9b19-b59b841f3c7f", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2bc6c4ec-ecc8-53f7-b497-d9a5c5ee2341", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:15b45cae-71fd-5526-a7b3-d5075a6f46c2", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3579c28d-892b-5494-b2b9-dcc9bc00b0bd", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7fef849b-4156-5dca-8ea3-92021a051c30", "id": "CVE-2022-22970", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22970 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c42632c7-08cf-599b-9a19-940c1ec6ec75", "id": "CVE-2023-20861", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20861 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:76ce8c45-67d1-5f2a-87d4-dc7ce81ee6b8", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:21bae93b-66cb-5a07-ad81-9de671927656", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:90953962-c6df-5473-ba4c-dc4509f18905", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a7525084-8b09-56b2-8f06-2b12dcc28422", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d95880af-22c5-5c1e-806c-a6e3f404a45f", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:67c1fe34-b0bc-5823-8d10-8c088efee51d", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4e019892-5a54-5483-a266-8dd6e8338cd6", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a11f0cd3-7564-5cc8-aab6-3718ee41f378", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:874f78f5-2624-5ef0-b839-0fe6436835c8", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:181e5577-3a56-5089-840f-63ff07b32b0a", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5ff7df51-b052-5e1d-9006-5a37642f53b9", "id": "CVE-2025-41242", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41242 is a false positive for org.springframework:spring-instrument-tomcat 3.1.1.RELEASE-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c835067e-594f-5051-8876-205a6bcc138e", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:12b4f316-d617-5701-a488-a4fa448b33b1", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2cc469c9-90b3-5039-ac89-3211bf54c928", "id": "CVE-2026-22740", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-22740 does not affect version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-instrument-tomcat. CVE-2026-22740 is a WebFlux-specific vulnerability (reactive multipart temp-file cleanup in org.springframework.http.codec.multipart.MultipartHttpMessageReader / PartGenerator). Spring Framework 3.1.1.RELEASE predates WebFlux entirely - the org.springframework.http.codec package does not exist in this version, and there is no reactive multipart code path. Per NVD, affected versions are 5.3.x, 6.1.x, 6.2.x, 7.0.x only; Spring 3.x is not in the affected range." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a36007ab-6c9c-5324-9999-5814cd5b1f02", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f3d20119-8e35-5053-9b2b-1483db9c4595", "id": "CVE-2026-41842", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41842 does not affect version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-instrument-tomcat. not_affected \u2014 Spring Framework 3.1.1 is NOT affected by CVE-2026-41842. The vulnerability exists in content-based version strategies for static resource handling, a feature introduced in Spring Framework 4.1 (2014). Spring 3.1.1 (2011) predates this feature and contains no version removal logic in resource handling." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7d7988b3-34e2-5717-b4f9-f6149d61ead3", "id": "CVE-2026-41843", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41843 does not affect version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-instrument-tomcat. not_affected \u2014 Spring Framework 3.1.1.RELEASE is not affected by CVE-2026-41843. The vulnerability requires the content-based version strategy feature (VersionResourceResolver, AbstractVersionStrategy, etc.) which was introduced in Spring Framework 4.1+. This feature does not exist in version 3.1.1, making the attack chain impossible." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:978db73a-80eb-53cc-9bc4-781a77b53778", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:055153a7-f3b8-5154-aa4e-d61f85149654", "id": "CVE-2026-41845", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41845 does not affect version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-instrument-tomcat. not_affected \u2014 Spring Framework 3.1.1.RELEASE (2012) predates the ECMAScript 6 specification (2015) that introduced template literal syntax. While the code lacks escaping for backtick (`) and dollar sign ($) characters in JavaScriptUtils.javaScriptEscape(), these unescaped characters cannot lead to arbitrary JavaScript code execution in the pre-ES6 JavaScript environment this version was designed for. The att..." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a8899450-943c-5a91-9219-3d6dad23b801", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2230d07a-e8dd-5422-94a6-3026ad688cd8", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:de198a49-f56c-5653-a008-19bd1d0fd42a", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e9e95cd6-8479-5ff7-9fb6-b15699873d5c", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7057f8bf-3b64-5e65-a16a-bc9c0a3fe623", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1745afe8-6513-5bf9-ad8f-118d7553ee38", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f8955e03-dbc7-5e3b-9a65-6f9fb89c712e", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2544bbbe-0364-5d49-979f-55d13fbf305f", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-instrument-tomcat." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@3.1.1.RELEASE-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-instrument-tomcat@3.1.1.RELEASE-tuxcare.2" } ] }