{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:ef470e7f-f9ed-5d05-b77a-f1501480c0e1", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-instrument@4.1.7.RELEASE-tuxcare.2", "type": "library", "group": "org.springframework", "name": "spring-instrument", "version": "4.1.7.RELEASE-tuxcare.2", "purl": "pkg:maven/org.springframework/spring-instrument@4.1.7.RELEASE-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:386c3cba-140e-51b4-b307-67ff56bf5204", "id": "CVE-2015-5211", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2015-5211 is fixed in version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c8b88606-b94e-5757-be55-5f5b67787044", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f7e10c69-dd3d-5cb5-9d7d-4bbf9cfd5c65", "id": "CVE-2016-5007", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2016-5007 is fixed in version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2093c56e-7d9b-5809-8113-505045368e84", "id": "CVE-2018-11039", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-11039 is fixed in version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b9673cd8-860d-5851-a5e0-aa3f852329af", "id": "CVE-2018-11040", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-11040 is fixed in version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e1fb31bb-cf09-5c76-862e-7fabd85be67a", "id": "CVE-2018-1257", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1257 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:941705e1-4256-5bf3-8418-e15357271548", "id": "CVE-2018-1270", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1270 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a7a49357-8e2d-5b93-8c18-1ee513bc3858", "id": "CVE-2018-1271", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-1271 is fixed in version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:af88b0b4-eab8-5e7f-93f0-7d3dd67972cc", "id": "CVE-2018-1272", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-1272 is fixed in version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:395f6fc8-6de6-51dd-b854-8169b7cfce51", "id": "CVE-2018-1275", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1275 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5ac330e2-5f4e-5a44-9334-95213aa12d69", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0b2e327e-ef57-5750-9ce2-5300aac11930", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c7997249-8f6b-5f4b-be2d-fd66d8a7cd8e", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c8b4f584-5ce2-5171-9d5f-bb032687d72e", "id": "CVE-2022-22950", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22950 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2d7f0f63-3678-5364-8576-43de3327cdcb", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e4a362b1-e57d-546b-bc42-91c845c4cd7a", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:56c97739-085c-5147-ae2c-0f42bd422600", "id": "CVE-2022-22970", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22970 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2beb3a34-bb15-5cef-bab8-f67e161d8b98", "id": "CVE-2022-22971", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22971 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f0dc447e-1455-5f9b-a58a-891d7710bf89", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:19aab4ab-e4b8-5247-b38c-08884eaa057c", "id": "CVE-2023-20863", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20863 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:22c798ba-d0e8-5c4d-811b-074a5c909597", "id": "CVE-2024-22243", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22243 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9bf4c8b8-b990-528e-b3eb-c56182649bad", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:284267c4-3d27-51d3-a8ce-61d94efa2c70", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3c9320bf-42b4-5ba4-aca7-bbce6fe4bbb7", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c81f8a0d-2ede-5b18-978b-4b654036b412", "id": "CVE-2024-38809", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38809 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:64961d07-3a95-5271-861d-39b296986c89", "id": "CVE-2024-38820", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38820 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2d23d739-d655-55ec-acfe-842d3e4a73b1", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a5c96ad0-07ab-5bf3-8b70-b4b2e205badf", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:04de7b35-88af-5ec7-8e37-0e75c4003067", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b3410826-ac9c-5dfb-9419-12e414e6c1d3", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1dbbdc1b-861a-5a4f-ac26-5f565e7317d6", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:991db3cb-01e0-58cf-8be2-4cee590e2b65", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ca70f21e-52f2-5894-b98b-e749ffced539", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ca8ce387-1bf9-5c58-b7a7-d8d005e454d6", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8051cf2a-834e-5793-9b50-16476bb496b4", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6f21a372-f33c-50fa-86b0-34c8b60dcbdc", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:655cdc67-51fb-5626-a625-aef1d5f1abe3", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:58a5d85c-6100-5f01-ad91-47e0f13f2e9e", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:54e36abd-89d1-529c-b2bd-74aba0e96b24", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f15aed43-5eca-5cbc-af82-88e836bb84b1", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:847a0684-072c-56d3-9351-d4d284460248", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8deb1f59-a3fa-50c8-b27c-cd709a1064e4", "id": "CVE-2026-41852", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41852 does not affect version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-instrument. not_affected \u2014 Spring Framework 4.1.7.RELEASE is not affected by CVE-2026-41852. The vulnerability requires record-style property accessor support (empty-prefix method lookup), which was introduced in Spring 5.2+ and does not exist in version 4.1.7. While this version lacks void return type validation for getter methods, it cannot invoke arbitrary zero-argument methods as described in the CVE." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1c8b29bb-d888-5d2c-ab6a-8cc8317b16d5", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2656d94e-29ff-5474-9749-eab645191d0a", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.1.7.RELEASE-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.1.7.RELEASE-tuxcare.2" } ] }