{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:0f31e431-d846-5a44-9c04-5a6a57b8a071", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-struts@3.1.1.RELEASE-tuxcare.1", "type": "library", "group": "org.springframework", "name": "spring-struts", "version": "3.1.1.RELEASE-tuxcare.1", "purl": "pkg:maven/org.springframework/spring-struts@3.1.1.RELEASE-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:a299540c-5d9a-560d-9fdf-36b7f19e8beb", "id": "CVE-2013-4152", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2013-4152 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-struts." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-struts@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0ff28508-6202-5b1e-9ea3-d04761416efd", "id": "CVE-2013-6429", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2013-6429 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-struts." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-struts@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ac7864cb-c372-5404-b515-6758112a73d1", "id": "CVE-2013-6430", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2013-6430 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-struts." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-struts@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:71b74259-eed6-5cc0-bddd-9deaa7621b90", "id": "CVE-2013-7315", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-7315 affects version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-struts." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-struts@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5e05ca9a-28c8-5d5d-91a5-fbc3782c1c69", "id": "CVE-2014-0054", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-0054 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-struts." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-struts@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4e78eed5-1d89-54ca-840e-8830953135f3", "id": "CVE-2014-0225", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-0225 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-struts." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-struts@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:61974309-3f9a-5b61-99de-5e040121a65d", "id": "CVE-2014-1904", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-1904 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-struts." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-struts@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:22052aac-3ce0-511c-b49c-5e5378af4754", "id": "CVE-2014-3578", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-3578 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-struts." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-struts@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c95afdb1-1886-5c91-a6b6-d7e145403dbf", "id": "CVE-2014-3625", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-3625 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-struts." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-struts@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f15d0122-d39c-5b46-884f-63b6109864ac", "id": "CVE-2015-3192", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2015-3192 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-struts." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-struts@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:28bdb229-baf8-5391-9526-07683c925760", "id": "CVE-2015-5211", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2015-5211 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-struts." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-struts@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:596022d1-97c5-5df2-b8e0-45128d8eefde", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-struts." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-struts@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0f4448cc-dbe3-5688-9c2a-d851a391d3a7", "id": "CVE-2016-5007", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-5007 affects version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-struts." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-struts@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:59ea5529-dce9-5a82-9af7-45ac3440b932", "id": "CVE-2016-9878", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2016-9878 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-struts." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-struts@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:09a12325-41f1-51c0-8966-dc7ab0e0f46f", "id": "CVE-2018-11039", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-11039 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-struts." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-struts@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d1a9dfec-adf5-5989-8891-02dfbd2b115f", "id": "CVE-2018-11040", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2018-11040 is a false positive for org.springframework:spring-struts 3.1.1.RELEASE-tuxcare.1." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-struts@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7ae203c9-6474-5326-a8c3-e4f499bc4006", "id": "CVE-2018-1257", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2018-1257 is a false positive for org.springframework:spring-struts 3.1.1.RELEASE-tuxcare.1." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-struts@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0cae8f1a-79dc-546a-b7e5-fffcd099e9de", "id": "CVE-2018-1270", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2018-1270 is a false positive for org.springframework:spring-struts 3.1.1.RELEASE-tuxcare.1." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-struts@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3053a8cc-d81b-528b-bea5-da04f1addb58", "id": "CVE-2018-1271", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-1271 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-struts." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-struts@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:36f6a8a4-1eab-5478-bff9-38b7b80dfebc", "id": "CVE-2018-1272", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-1272 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-struts." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-struts@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:052baf66-ec46-5df1-b1f9-a1790bf09f1f", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-struts." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-struts@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:95a312ac-5487-5eaa-9208-456ad7f4a071", "id": "CVE-2021-22060", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22060 affects version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-struts." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-struts@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:dfeb5a79-ffe6-5186-9af3-2740c2219f74", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-struts." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-struts@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c3b3787c-31af-5e1e-bf19-b5a0dbd62579", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-struts." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-struts@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1716bae8-ae59-52c8-b00c-654dec491520", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-struts." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-struts@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3f18981f-e2bb-59b0-a18c-6988f3be913c", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-struts." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-struts@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b2e68fbd-c53e-5098-b897-491ca21589d4", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-struts." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-struts@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5ca39910-8b85-5b1e-a055-c70d01c9f746", "id": "CVE-2022-22970", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22970 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-struts." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-struts@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:10ef8c51-1ef3-57d8-a6f5-9fdfff2b4c42", "id": "CVE-2023-20861", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20861 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-struts." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-struts@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:689aad83-1184-569a-b125-c952a8aac767", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-struts." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-struts@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:597f2c3c-8b10-507c-8152-bc74f85f4080", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-struts." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-struts@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4fb8ac57-1c07-50dd-af19-2ff34f336bfe", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-struts." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-struts@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5f2eab72-087d-593c-9a6a-7a1f83428209", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-struts." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-struts@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:961dbf50-a5f6-5dbd-a12b-9c340a554fb1", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-struts." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-struts@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5a9f68c5-8e0f-5142-a078-1b8754166aa4", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-struts." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-struts@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2710962d-21d9-53d6-bd90-1c584ba7ed9f", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-struts." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-struts@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5257d656-621c-5000-b695-fc9230973908", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-struts." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-struts@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:52d72f05-a928-5e57-9273-b9e8914d3fa7", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-struts." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-struts@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:aba0373d-87c7-5c96-b672-d3247b759250", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-struts." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-struts@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:22d75f9a-d4ed-5f32-a435-70fa81ff851f", "id": "CVE-2025-41242", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41242 is a false positive for org.springframework:spring-struts 3.1.1.RELEASE-tuxcare.1." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-struts@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5c200b8a-4a1d-5073-8709-b45b4b862cd5", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-struts." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-struts@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4d395040-b037-59c2-b17c-b50f15de6b18", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-struts." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-struts@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:22545d9e-e943-5519-b7da-371033773183", "id": "CVE-2026-22740", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-22740 does not affect version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-struts. CVE-2026-22740 is a WebFlux-specific vulnerability (reactive multipart temp-file cleanup in org.springframework.http.codec.multipart.MultipartHttpMessageReader / PartGenerator). Spring Framework 3.1.1.RELEASE predates WebFlux entirely - the org.springframework.http.codec package does not exist in this version, and there is no reactive multipart code path. Per NVD, affected versions are 5.3.x, 6.1.x, 6.2.x, 7.0.x only; Spring 3.x is not in the affected range." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-struts@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c5ee5885-c9d0-51e4-b5b6-80890cb67f8f", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-struts." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-struts@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:729c519c-c7b7-5de9-bcb5-094a7e26cb69", "id": "CVE-2026-41842", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41842 does not affect version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-struts. not_affected \u2014 Spring Framework 3.1.1 is NOT affected by CVE-2026-41842. The vulnerability exists in content-based version strategies for static resource handling, a feature introduced in Spring Framework 4.1 (2014). Spring 3.1.1 (2011) predates this feature and contains no version removal logic in resource handling." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-struts@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b6cf4fa9-11db-5a63-a379-2686610ed20f", "id": "CVE-2026-41843", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41843 does not affect version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-struts. not_affected \u2014 Spring Framework 3.1.1.RELEASE is not affected by CVE-2026-41843. The vulnerability requires the content-based version strategy feature (VersionResourceResolver, AbstractVersionStrategy, etc.) which was introduced in Spring Framework 4.1+. This feature does not exist in version 3.1.1, making the attack chain impossible." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-struts@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ba8fe171-3e94-579d-acd6-7d3b25600e7f", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-struts." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-struts@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7c80c2a3-3373-572d-8a3d-786d172a0e18", "id": "CVE-2026-41845", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41845 does not affect version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-struts. not_affected \u2014 Spring Framework 3.1.1.RELEASE (2012) predates the ECMAScript 6 specification (2015) that introduced template literal syntax. While the code lacks escaping for backtick (`) and dollar sign ($) characters in JavaScriptUtils.javaScriptEscape(), these unescaped characters cannot lead to arbitrary JavaScript code execution in the pre-ES6 JavaScript environment this version was designed for. The att..." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-struts@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9f003122-8b14-55e5-9b22-de320538be7b", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-struts." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-struts@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:506a9f94-e1be-5310-b1bf-d4e3adc2afa9", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-struts." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-struts@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9e450789-8e32-5760-874a-191fb35df06c", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-struts." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-struts@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b54bf186-8322-555c-a337-efc7ed22ccca", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-struts." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-struts@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9dd5ed90-cd18-5b87-92eb-72e6a24c126c", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-struts." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-struts@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0e1ed744-4a94-57ad-b3de-68a9cc6b25e8", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-struts." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-struts@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:037d6506-1937-54e9-8def-133d126640fb", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-struts." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-struts@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:82366427-bdf9-5cbd-a207-95c7dca34ba5", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-struts." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-struts@3.1.1.RELEASE-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-struts@3.1.1.RELEASE-tuxcare.1" } ] }