{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:d53a691e-957f-56a6-a788-51ffed72c48a", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-instrument@4.1.7.RELEASE-tuxcare.3", "type": "library", "group": "org.springframework", "name": "spring-instrument", "version": "4.1.7.RELEASE-tuxcare.3", "purl": "pkg:maven/org.springframework/spring-instrument@4.1.7.RELEASE-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:79b22c76-2288-57d7-966a-d64df71dd977", "id": "CVE-2015-5211", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2015-5211 is fixed in version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:36089bbe-1c9e-521a-87ec-6eb5e205f2a2", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:cd23ecd8-ac7e-5c5f-b3f7-8d5f1840997f", "id": "CVE-2016-5007", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2016-5007 is fixed in version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:0ff514fe-1a66-541c-bf92-21581e20b4d0", "id": "CVE-2018-11039", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-11039 is fixed in version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:bbfe5128-09be-5aa5-9eed-2446faafcc5f", "id": "CVE-2018-11040", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-11040 is fixed in version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:7ea632ec-2181-561a-ac64-e294342fb55f", "id": "CVE-2018-1257", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1257 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1975cfd7-b7ad-535d-b9d9-a8ef3b14b90f", "id": "CVE-2018-1270", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1270 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:bd89a673-9956-542b-89b7-b9ec8b9eb28b", "id": "CVE-2018-1271", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-1271 is fixed in version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:400a5c17-eac8-5016-a34c-1906ca3d31f7", "id": "CVE-2018-1272", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-1272 is fixed in version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2258ab86-a796-5cda-b2e6-66742822b7a0", "id": "CVE-2018-1275", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1275 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:658b396b-9fc5-52c4-98fd-a74d7ef5ca10", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d3a1475c-2f60-52fc-a644-3cb20771477d", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:737aaeeb-e30a-5582-8056-7ec052db82ca", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:077eefb4-e1cb-5139-8982-1732fb5a95d0", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6ed53b32-871a-5cd3-9e25-f0c8980ca23a", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:78011445-8c69-50fa-9d9e-dad61342f26c", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:19802456-65c1-5ab3-986e-d95b2138f6a9", "id": "CVE-2022-22970", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22970 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:fd46d85e-b21f-5a10-a75d-e501a3817b11", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:bdd12bb7-d237-5911-bc2f-6ba599d00a77", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:da7e073e-21cf-5386-80c5-d76d2bfd4c6f", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:02a9ed84-4076-5822-9b91-5433f8b0b965", "id": "CVE-2024-22243", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22243 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f3500218-1372-5e85-ac3a-be474f065829", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:89f4144c-5c03-598d-8662-a39e2a66f62e", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2b110126-0bcc-5e8b-bdb1-36378cad39b3", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f35b85cd-c5f5-5ee0-b54c-384ce48abe9f", "id": "CVE-2024-38809", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38809 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f617be5c-2614-596d-aa07-e1734907ae0f", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:268442fd-c5de-541e-9389-516d6c6c5420", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:826e41ce-1ce4-5a04-bf4b-25b82a73971b", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c955cb8f-a68e-5c4c-a929-34f3ee764dbf", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:889262f3-b5be-5559-aad6-8ced005c11b6", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:fa324d26-b125-54b1-bddb-2a5d7b99b9ef", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:86634890-a2d4-5597-b8d2-b2d87acdf796", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:bda0d61e-3eda-59b3-8532-bcc3573cb0ca", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9c41996e-139e-5794-a9dc-e12c8314c730", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:43d55b2e-49ff-5c9c-81de-2ff58f651eee", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c104bc63-2432-502b-baa5-ad33ab8073a2", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3a9ed842-d47a-5e7d-b1f0-c420b656c820", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:7eb39d5f-f8d4-5f28-aad0-610b8ce66007", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e9d2eb94-0113-5b1e-9898-b162f539d247", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2e8bd425-4dd8-57ff-b47c-bc17576876cc", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4ce63ab5-2b31-5edd-80a5-a87ac9ea510b", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1808f97f-acb9-568b-ae85-fdfe4e0d6d39", "id": "CVE-2026-41852", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41852 does not affect version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-instrument. not_affected \u2014 Spring Framework 4.1.7.RELEASE is not affected by CVE-2026-41852. The vulnerability requires record-style property accessor support (empty-prefix method lookup), which was introduced in Spring 5.2+ and does not exist in version 4.1.7. While this version lacks void return type validation for getter methods, it cannot invoke arbitrary zero-argument methods as described in the CVE." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3e7bff08-69ac-5fbe-af25-062bd4809dc8", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:79b98c09-494a-53b1-b0a8-2f34bc307158", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.1.7.RELEASE-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-instrument@4.1.7.RELEASE-tuxcare.3" } ] }