{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:370f1a28-c21b-5e96-aecc-94d547bf4b37", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-instrument@3.1.1.RELEASE-tuxcare.2", "type": "library", "group": "org.springframework", "name": "spring-instrument", "version": "3.1.1.RELEASE-tuxcare.2", "purl": "pkg:maven/org.springframework/spring-instrument@3.1.1.RELEASE-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:9074b2bb-23a9-55a1-9f8f-19dc261d2178", "id": "CVE-2013-4152", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2013-4152 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:56b10d34-6e64-5521-ae16-c965337a1779", "id": "CVE-2013-6429", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2013-6429 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6051cdaa-1529-5e6b-879c-4ba659cbe80a", "id": "CVE-2013-6430", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2013-6430 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:667f9c62-3c28-5812-83a1-e64ba34700b0", "id": "CVE-2013-7315", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-7315 affects version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7a0ff954-e787-5503-b6fa-84a06870afb4", "id": "CVE-2014-0054", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-0054 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6e408e6a-f857-55fe-92b8-f90c908d9b57", "id": "CVE-2014-0225", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-0225 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:90d06d61-edf8-5eaf-ae99-fc8546ff2639", "id": "CVE-2014-1904", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-1904 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:47024082-eaa4-5682-a49d-3a202055dbe8", "id": "CVE-2014-3578", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-3578 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fb36ed4b-de27-5ecc-b84a-e05d2116bd83", "id": "CVE-2014-3625", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-3625 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:bb7dba5c-370c-53d8-9ad2-20480d243894", "id": "CVE-2015-3192", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2015-3192 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ca28c023-e6c5-51d8-90e7-0a8c55e3b9e4", "id": "CVE-2015-5211", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2015-5211 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:70ce4185-8a61-5e19-97e7-a212ee110660", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e975b3ba-a083-5c00-b672-aa56bd88ec19", "id": "CVE-2016-5007", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2016-5007 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1190d990-9d42-5a47-bd09-1d10dd736b48", "id": "CVE-2016-9878", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2016-9878 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:cb637be1-ccca-579a-a5ad-a73257b7846d", "id": "CVE-2018-11039", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-11039 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e6f0f3e6-a8a8-5486-be61-f681ca020451", "id": "CVE-2018-11040", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2018-11040 is a false positive for org.springframework:spring-instrument 3.1.1.RELEASE-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d5c07307-241c-5435-b1b0-2d0a800f5c13", "id": "CVE-2018-1257", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2018-1257 is a false positive for org.springframework:spring-instrument 3.1.1.RELEASE-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:97e60dcb-95d4-5581-a6ec-aa2f5ff19852", "id": "CVE-2018-1270", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2018-1270 is a false positive for org.springframework:spring-instrument 3.1.1.RELEASE-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:49147fdd-582b-5824-a5a5-51a221c47b0f", "id": "CVE-2018-1271", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-1271 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1ba136f3-96b6-51d0-9d8d-83bce4aeaad5", "id": "CVE-2018-1272", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-1272 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fef3b728-c195-5de8-8079-cab21b38ff32", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fd8bf768-9464-5398-9a6e-81e91594116b", "id": "CVE-2021-22060", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22060 affects version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8d5bdc03-193b-57b7-82f1-0a7464e2aeb5", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e391d797-e6ff-536b-8182-b63144a07ae2", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c95e0de0-14f5-5dd7-ba59-d16b2f5d6268", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a50a2947-81f0-5084-9ff3-dd7a484474dd", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:bae38570-1d8a-5751-bc50-9f2fe5f95b26", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d668096c-67dd-5eed-888c-01a9d91f74da", "id": "CVE-2022-22970", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22970 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e7fccc1f-d0fc-565a-a5e5-642b919ff0d9", "id": "CVE-2023-20861", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20861 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2938d4f9-fdae-50c1-bb6c-d05583b31535", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f1fc2383-addf-5ab9-a12c-4475cd9406a1", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:043f9724-29ba-5ac1-9052-50a1d12d2de3", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f7b21879-0caf-592c-addd-1b7dacdccb50", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3ac18d7d-6aad-588d-95a7-ff4ba9d69bbe", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0361ca4d-95eb-5ecd-866c-b6b8153c5a5d", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1d183f0f-90cd-5c0e-b401-56760a997152", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6eb94895-ab78-5ee5-9c60-1c2e601b8c7d", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:39c8573e-ec00-5578-8680-87dab1aeb2df", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6168b1e5-db2f-5486-bf5a-a793b274d587", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:86da9ad7-6de8-5724-9719-e5d1c1b4ab1c", "id": "CVE-2025-41242", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41242 is a false positive for org.springframework:spring-instrument 3.1.1.RELEASE-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:acaf20c9-1fc6-5309-90db-0c22e1956d47", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:520855c9-f82a-5a94-b2b6-4d6d9af6a236", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:bcc07958-3560-5483-a811-d3107d0ad5fa", "id": "CVE-2026-22740", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-22740 does not affect version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-instrument. CVE-2026-22740 is a WebFlux-specific vulnerability (reactive multipart temp-file cleanup in org.springframework.http.codec.multipart.MultipartHttpMessageReader / PartGenerator). Spring Framework 3.1.1.RELEASE predates WebFlux entirely - the org.springframework.http.codec package does not exist in this version, and there is no reactive multipart code path. Per NVD, affected versions are 5.3.x, 6.1.x, 6.2.x, 7.0.x only; Spring 3.x is not in the affected range." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e48d5350-94dc-5d7e-bc1b-93d3dc070a3c", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:cd3a34a5-0b8f-50c2-9245-019da08f72c5", "id": "CVE-2026-41842", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41842 does not affect version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-instrument. not_affected \u2014 Spring Framework 3.1.1 is NOT affected by CVE-2026-41842. The vulnerability exists in content-based version strategies for static resource handling, a feature introduced in Spring Framework 4.1 (2014). Spring 3.1.1 (2011) predates this feature and contains no version removal logic in resource handling." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d1b73b77-624d-59fb-ac56-e2e401b3fe4c", "id": "CVE-2026-41843", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41843 does not affect version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-instrument. not_affected \u2014 Spring Framework 3.1.1.RELEASE is not affected by CVE-2026-41843. The vulnerability requires the content-based version strategy feature (VersionResourceResolver, AbstractVersionStrategy, etc.) which was introduced in Spring Framework 4.1+. This feature does not exist in version 3.1.1, making the attack chain impossible." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:603064fb-9888-5fc9-b6e0-448f0648bbd8", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7dd5697e-7b8a-56f4-9bde-3c652a343b5d", "id": "CVE-2026-41845", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41845 does not affect version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-instrument. not_affected \u2014 Spring Framework 3.1.1.RELEASE (2012) predates the ECMAScript 6 specification (2015) that introduced template literal syntax. While the code lacks escaping for backtick (`) and dollar sign ($) characters in JavaScriptUtils.javaScriptEscape(), these unescaped characters cannot lead to arbitrary JavaScript code execution in the pre-ES6 JavaScript environment this version was designed for. The att..." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5a6ffb36-9b64-5b05-addd-721fde396825", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b4f5241f-231b-516c-897c-b6aebcba66af", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:33b89636-ed34-5327-a8dc-017944cc46ea", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:48b6135d-3275-5201-8d8d-9afcfeec6c92", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a35ba174-2b16-5fb1-9b5c-58fe3cde1a19", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e97b7a3a-5a6e-5ab4-9df3-f2356af7bf57", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:65edb805-4b1f-5db0-9bb4-b9651d7c5883", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1112aae7-9fc1-5f59-8902-331b9104900e", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@3.1.1.RELEASE-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-instrument@3.1.1.RELEASE-tuxcare.2" } ] }