{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:43e7ee5d-f045-5418-b7d2-8e1762b5cf29", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-web@4.1.7.RELEASE-tuxcare.1", "type": "library", "group": "org.springframework", "name": "spring-web", "version": "4.1.7.RELEASE-tuxcare.1", "purl": "pkg:maven/org.springframework/spring-web@4.1.7.RELEASE-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:bd3f73a4-7fde-5901-9c4e-f16c85b97497", "id": "CVE-2015-5211", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2015-5211 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:be057a71-697c-5afa-9230-441afc06002b", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a8433380-bac6-5214-97c5-c296e9ae8c92", "id": "CVE-2016-5007", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-5007 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1afb0cd2-0f7b-52cf-9df3-56decc4c5d8c", "id": "CVE-2018-11039", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11039 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:21caa504-7b3f-5704-8745-43c725089973", "id": "CVE-2018-11040", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11040 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:bfe36f09-b946-583b-b5a5-1885861978e2", "id": "CVE-2018-1257", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1257 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:cdd47da3-e055-5a06-a893-c3a4ccf4e761", "id": "CVE-2018-1270", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1270 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7d658d8b-4d60-5533-8c34-62b5f22f3fa2", "id": "CVE-2018-1271", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1271 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8965c904-9389-5884-9ac8-f68c5ae94b32", "id": "CVE-2018-1272", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1272 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:848dd1ad-137d-5279-a75d-3982b92c80c2", "id": "CVE-2018-1275", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1275 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d14ba8c9-4efc-5945-87ed-dc54e0906e33", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6d6e23bf-6954-5fad-9b2d-eab722525b5c", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:030566d2-2489-562a-84cd-0ff91e5d5985", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0e6db719-910b-5e81-b3ff-4e848161b0bc", "id": "CVE-2022-22950", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22950 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0f3217c5-5499-5d0f-b39e-521f61abfe1d", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fe1d2231-26f1-5cd0-878d-88a455dd20be", "id": "CVE-2022-22968", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22968 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:84ecd030-6ba5-5768-aaef-47abe7dad53f", "id": "CVE-2022-22970", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22970 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e1bf74f3-d29e-5748-9ea8-ba37f2be9cde", "id": "CVE-2022-22971", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22971 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0896d930-79bb-5690-8f5b-66058212e28c", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9baa47a4-e27e-5f4c-b763-8ca8eb433e5f", "id": "CVE-2023-20863", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20863 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:420931cb-a931-5a24-8036-d057cc7ab7cd", "id": "CVE-2024-22243", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22243 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:55beabc7-43da-5586-a28b-510f30b7a386", "id": "CVE-2024-22259", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22259 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a94117a6-8c90-53ef-af26-8e07293eb42b", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0b4109c6-dc0f-5ed4-8daa-09f155f021ce", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:69468b5c-ffe7-58bf-85bd-2e345b122180", "id": "CVE-2024-38809", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38809 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a4bb7e0c-65ba-521d-8f43-cbc2f84c597c", "id": "CVE-2024-38820", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38820 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fec240b0-707d-5821-b26d-eb13afa68b2e", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a4770ba9-b95e-5679-872a-dfd1261bff91", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:50d7faaa-a986-5c4e-9705-8c252beae264", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:70aa7cc1-1a60-565f-b66e-c8cb3f09c1e5", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:447a8896-7da6-506f-9a96-76db5297d598", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6d577f28-593e-5d63-aa36-db1749ab4ded", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9cea74c6-7726-58c4-ba39-178935ea5f51", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2924c4c8-a27b-5fa2-a4ed-4a6f8102f881", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6d58d5a2-c071-5c7a-9035-a8a088c5cfe4", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:857c859b-df02-5f70-bee2-22af9028db7a", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:07d3a5ef-9089-5781-a90f-fec21fe578c5", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d0e64f46-5dfb-54f3-bf92-1144f71e90a3", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2127fd9e-2e0d-5756-b446-b142106aff07", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6961f231-7621-5d1d-b5da-476d89feb916", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ee029911-de2f-5944-b5fd-d559ba4e0966", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8d702912-9ce4-5a5f-906f-82c7c816292c", "id": "CVE-2026-41852", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41852 does not affect version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-web. not_affected \u2014 Spring Framework 4.1.7.RELEASE is not affected by CVE-2026-41852. The vulnerability requires record-style property accessor support (empty-prefix method lookup), which was introduced in Spring 5.2+ and does not exist in version 4.1.7. While this version lacks void return type validation for getter methods, it cannot invoke arbitrary zero-argument methods as described in the CVE." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2fbff528-8260-5427-9852-1b86f9f351f4", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.1.7.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6b056b4d-5cbd-544d-91ad-53369fd7b2b8", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 4.1.7.RELEASE-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.1.7.RELEASE-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-web@4.1.7.RELEASE-tuxcare.1" } ] }