{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:d285f505-7395-5497-96cc-a3fd63804f8f", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-instrument@4.1.7.RELEASE-tuxcare.1", "type": "library", "group": "org.springframework", "name": "spring-instrument", "version": "4.1.7.RELEASE-tuxcare.1", "purl": "pkg:maven/org.springframework/spring-instrument@4.1.7.RELEASE-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:d8e4b20d-6098-5b8a-95ec-5311f4857e56", "id": "CVE-2015-5211", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2015-5211 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c86c8598-b6d1-5113-9f8d-60986fed4019", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:93fb3f43-7429-5d12-b248-01974d71101b", "id": "CVE-2016-5007", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-5007 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fbed8ed9-15c7-54a4-9e5f-b8c5241967ee", "id": "CVE-2018-11039", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11039 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:56dabbb2-955e-5316-908f-a94a84489130", "id": "CVE-2018-11040", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11040 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:bd59eb2c-2224-574f-aeef-cbba47c6dac6", "id": "CVE-2018-1257", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1257 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:235c9247-0206-5f4c-bba1-fe58985bfd1c", "id": "CVE-2018-1270", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1270 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:134fc824-8e93-5c83-8f80-597a5e550cfa", "id": "CVE-2018-1271", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1271 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a5a0fe5d-d1d4-5c28-97c0-dda31873029c", "id": "CVE-2018-1272", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1272 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:08f7d5ab-4fe3-5124-8622-c83e3fa8bc73", "id": "CVE-2018-1275", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1275 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c5e3986e-b899-5186-bfb1-477d279ee487", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:646a2615-a0a4-5009-bbfa-810503ff5fc6", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:45b18036-3953-5bd1-abef-4b82d9ad5f60", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e6d40183-d427-5b04-b620-e7838578a687", "id": "CVE-2022-22950", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22950 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:537cf83f-7df8-5952-8e6c-11340fb8f1fc", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:31811386-4813-53fa-a583-5242098f9779", "id": "CVE-2022-22968", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22968 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:650542de-b904-5e94-8aba-9452bc93ec06", "id": "CVE-2022-22970", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22970 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fd17b42e-5921-5db7-96b6-35215c8d5aff", "id": "CVE-2022-22971", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22971 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fbfce5fa-7c68-5fd5-99df-f0940d2e623c", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e7066b33-79d3-555b-bcf4-c5a292cc92b4", "id": "CVE-2023-20863", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20863 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:54844c0a-0a1b-5200-bad2-f9887ac64977", "id": "CVE-2024-22243", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22243 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:dc89a59d-666c-5fd5-b9db-f0cefae30da0", "id": "CVE-2024-22259", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22259 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:753f9244-ebe1-5305-805f-5407aeea7691", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0e3f963d-c745-505c-a16f-332d517adf73", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9a2c48b6-16bc-5f6d-a82e-0fda98c54c00", "id": "CVE-2024-38809", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38809 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f40fa7ac-7496-5d5a-ad86-06934ecc13d3", "id": "CVE-2024-38820", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38820 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4fb7489f-fd1b-5627-8980-8e704447d0dd", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3d53ffd6-f2f5-50f9-b786-39633f366698", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1491a741-fb50-568a-9b42-096324a296a4", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e2008b70-7056-5fcc-bec5-c3204b26d8e9", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f99ebb82-9f05-583a-88b1-47be673cf1b7", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ef6bf975-092d-523c-9d92-9e42fe7550dc", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a1684021-5a49-5ec2-94f5-9e393b725472", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:71cf85c2-3cea-560d-8142-4b26885eaafd", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6f42a646-d4b5-5d95-81ff-b69a37554cf0", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:57ced138-0dea-5fef-b86d-ed87edf74c06", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:979b597a-1e9f-5d99-8d68-fc3b5cdea123", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:bd50cc88-bdec-56f5-9515-d9f6fd5ea968", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3f5b732e-07f0-5aa2-9c63-642dc5cbf87a", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1b940b37-c64d-5fc4-8985-01047be788e8", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3bfe99f7-9029-5006-9a88-37596a778734", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d7cbc778-72d5-5e19-8d85-c68c24fdff7d", "id": "CVE-2026-41852", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41852 does not affect version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-instrument. not_affected \u2014 Spring Framework 4.1.7.RELEASE is not affected by CVE-2026-41852. The vulnerability requires record-style property accessor support (empty-prefix method lookup), which was introduced in Spring 5.2+ and does not exist in version 4.1.7. While this version lacks void return type validation for getter methods, it cannot invoke arbitrary zero-argument methods as described in the CVE." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:84cb7af4-7ec9-5923-a608-b993f7f6da84", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:01235d41-7ac5-5fad-ad25-629c54f69dc1", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.1.7.RELEASE-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.1.7.RELEASE-tuxcare.1" } ] }