{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:1fbd7409-3013-50eb-95f8-c8c80df24732", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-web@4.1.7.RELEASE-tuxcare.2", "type": "library", "group": "org.springframework", "name": "spring-web", "version": "4.1.7.RELEASE-tuxcare.2", "purl": "pkg:maven/org.springframework/spring-web@4.1.7.RELEASE-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:ae5495cc-2faa-5514-a3ff-9f31ff1d1f97", "id": "CVE-2015-5211", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2015-5211 is fixed in version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3bd3ec58-c24e-5a27-a01b-1bdafbcf7b2b", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3a2f6712-9b47-596f-a41f-7becbb424779", "id": "CVE-2016-5007", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2016-5007 is fixed in version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8ad2df13-6624-5121-8468-53a6e391d077", "id": "CVE-2018-11039", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-11039 is fixed in version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8b1ce672-ca6f-5eec-8a80-4253cfa8cb6e", "id": "CVE-2018-11040", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-11040 is fixed in version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:12235a15-e106-58b8-80e7-1b2ca499ff0a", "id": "CVE-2018-1257", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1257 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:635953f3-2553-581c-b7b2-39e0ad0a1c4d", "id": "CVE-2018-1270", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1270 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9a8d1165-09f6-5fc9-900e-6fece99c065d", "id": "CVE-2018-1271", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-1271 is fixed in version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9ed13e3e-6445-56b0-9a76-979d24c74b9f", "id": "CVE-2018-1272", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-1272 is fixed in version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:da965013-c794-5613-8907-b5f6efb21ce7", "id": "CVE-2018-1275", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1275 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9c87386e-7e88-5beb-b881-32ddf8d4452c", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b14dfa20-f41f-51fa-a149-ee4f139a5784", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f411e9b1-e6a8-59d7-bded-a0fab31d0823", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9fe1e347-8480-5521-80b8-d6b159d1fc19", "id": "CVE-2022-22950", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22950 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:77797ca3-4889-54b5-8c46-bb6810043637", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2fe6beaf-b205-579c-84ae-faf8bd29766b", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ed2a27da-cdb7-5679-975f-8099b077211e", "id": "CVE-2022-22970", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22970 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:03ec16a9-9a89-520e-8480-ccf693ce9b3f", "id": "CVE-2022-22971", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22971 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d88c30d5-7c6a-508b-93ca-1993353ef336", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b1d47068-79c7-5deb-8128-d41eecd26359", "id": "CVE-2023-20863", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20863 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b903697b-35bd-5c40-aee6-7c8877f9fa71", "id": "CVE-2024-22243", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22243 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e58c1b35-9364-5e92-943c-48eb37fa895a", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:09882484-2bec-5f84-9420-09bc5a9bb6f0", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f8111b12-1f85-5286-b388-772daa0562ef", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0668b419-10ad-55e6-83ce-05f6cfa44c88", "id": "CVE-2024-38809", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38809 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:59bdf37c-acf1-5bfc-bbf2-b3371036a06f", "id": "CVE-2024-38820", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38820 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:95d7d642-592f-585b-9e5b-64046202bb01", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:19c3ff72-2690-52a5-9346-4a4ac5c07d6a", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:74c9b6a7-e445-5d80-8196-89adc1f36491", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:042b369d-0fe1-5350-ab45-b5bc838b8963", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4a3c8e3c-568a-5586-a8b9-ad202c633686", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1684b2fc-9fe4-5163-b91a-c5d87d74cf31", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2052e4c2-ad1d-572a-9f3c-e25836db6cf6", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ff872232-8897-5e6e-b6fb-29b59b56f28d", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ed5d70af-90ae-5d8d-897d-27027709017c", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:daa2f042-4f8a-5567-96df-8cbe22c0f92f", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a180081f-617e-5b40-a933-3c2710a9499a", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:beda0beb-5d04-50c3-8b48-042192a017d8", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d9f17cfe-ad20-5e8e-9aa8-9a6532a045a5", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d464c9aa-5ef1-5507-8ce3-187c85a33bc4", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fdf0e6db-a645-5301-b4f4-ff3b227c982c", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:bd784205-1392-527b-88a6-79f129bf25b2", "id": "CVE-2026-41852", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41852 does not affect version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-web. not_affected \u2014 Spring Framework 4.1.7.RELEASE is not affected by CVE-2026-41852. The vulnerability requires record-style property accessor support (empty-prefix method lookup), which was introduced in Spring 5.2+ and does not exist in version 4.1.7. While this version lacks void return type validation for getter methods, it cannot invoke arbitrary zero-argument methods as described in the CVE." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:322cbf4c-6cd0-5c16-8038-c85097ad60b1", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b60bf857-2eba-556e-a168-dd30289fee85", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@4.1.7.RELEASE-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-web@4.1.7.RELEASE-tuxcare.2" } ] }