{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:8db74b96-a596-5cf7-8c53-d01d8519aaf7", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-webmvc-portlet@3.1.1.RELEASE-tuxcare.2", "type": "library", "group": "org.springframework", "name": "spring-webmvc-portlet", "version": "3.1.1.RELEASE-tuxcare.2", "purl": "pkg:maven/org.springframework/spring-webmvc-portlet@3.1.1.RELEASE-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:f0fd1f0d-2c1c-5f48-9ee0-d4c42c2396cb", "id": "CVE-2013-4152", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2013-4152 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:239036f5-4389-5bdc-9569-e9f7bebf38cd", "id": "CVE-2013-6429", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2013-6429 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1f5a3fcc-30e5-56be-a4d8-d22e1e5b0927", "id": "CVE-2013-6430", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2013-6430 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:cdedfceb-0f1e-55ea-861e-8b809b8bd5c0", "id": "CVE-2013-7315", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-7315 affects version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:aa12d564-2c8d-5762-bbb5-7546568f451b", "id": "CVE-2014-0054", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-0054 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7b2e7798-fbb2-5676-8259-2fef5bdd2adf", "id": "CVE-2014-0225", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-0225 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c7de4fd3-4811-5540-8670-8b7f78e98895", "id": "CVE-2014-1904", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-1904 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:898f88bb-b1ce-50c9-927f-c3d055011de8", "id": "CVE-2014-3578", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-3578 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1657c20d-2dc8-5b6b-a9e8-a9c67261597d", "id": "CVE-2014-3625", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-3625 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7adb552e-0f1f-5092-b8b5-be5887f93648", "id": "CVE-2015-3192", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2015-3192 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a10fda15-7b62-5246-ac47-7419035abc66", "id": "CVE-2015-5211", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2015-5211 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1a1b014c-32a2-5625-ba91-a454e8ade7b3", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d29ccfbd-344e-5b4c-80f8-e69b91ee69dc", "id": "CVE-2016-5007", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2016-5007 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:30b53338-9c08-5d92-b55c-763ca4a6ef69", "id": "CVE-2016-9878", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2016-9878 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:eb8e44dd-90d7-5109-9c97-bb268d4c2802", "id": "CVE-2018-11039", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-11039 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d871266c-6ec3-59c3-81e3-dd2b855f8b72", "id": "CVE-2018-11040", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2018-11040 is a false positive for org.springframework:spring-webmvc-portlet 3.1.1.RELEASE-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b4f00492-a1f2-5f69-b036-a64320aaa1b3", "id": "CVE-2018-1257", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2018-1257 is a false positive for org.springframework:spring-webmvc-portlet 3.1.1.RELEASE-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6d5ce0e9-9103-50af-8baf-1cc1098b2d2e", "id": "CVE-2018-1270", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2018-1270 is a false positive for org.springframework:spring-webmvc-portlet 3.1.1.RELEASE-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:41b6d418-6b39-580b-b0bf-175da9450310", "id": "CVE-2018-1271", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-1271 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:612e9f83-739e-548f-babf-37abe7af264a", "id": "CVE-2018-1272", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-1272 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:08813915-e3b0-54b0-bd04-0556490bdd24", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a51a8391-2a72-550e-b1b6-24c3fbcaa8c8", "id": "CVE-2021-22060", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22060 affects version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:79d0ec2c-8dda-57c4-bc45-3e8d572886a7", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7da47e6b-f20d-53f6-89a7-8143f21a065d", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9bdf8c54-03db-5b26-b926-dd33f423f568", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:193647ec-6666-5421-a7a1-a1d94f43def4", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:65a97387-2f71-5355-bac2-6088cc083d26", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:64b55b30-c5ab-5329-ae54-542352f57603", "id": "CVE-2022-22970", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22970 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4155fe28-f105-5652-918d-384ee081e110", "id": "CVE-2023-20861", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20861 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6cf40ed0-a7bc-59ee-a69d-3bafce8aa91f", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:438779df-e788-50c6-9621-1dcb89bfb28a", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:db6c9333-82ed-5a76-9b8b-8ae33eb74df5", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2322a2a0-d289-57ce-8efe-1d4fbac804c3", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:820b4ff3-0fba-56e0-a7e6-9b63bf90cb28", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:83e9fcfa-5f3c-53f7-af9d-0913ce159b83", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d25e3612-4d89-5966-ba9f-3bef501d3366", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1e5181eb-e08e-5f4c-a256-e513dd0a2a72", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:25b99cfe-5127-51b8-8ab2-7bc07f081bff", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:140d4f8a-d97e-5087-a4a9-de4c3b909b16", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1b51a819-9f2a-57d5-be8a-e1b02457176e", "id": "CVE-2025-41242", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41242 is a false positive for org.springframework:spring-webmvc-portlet 3.1.1.RELEASE-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c69d70a8-1342-59a0-9dda-6bef52fd42de", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:47446d1e-15be-59d8-9a80-4cbf48f54ac9", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2b265ed4-d690-5ee3-aeb5-fab8e1fc1d5a", "id": "CVE-2026-22740", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-22740 does not affect version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-webmvc-portlet. CVE-2026-22740 is a WebFlux-specific vulnerability (reactive multipart temp-file cleanup in org.springframework.http.codec.multipart.MultipartHttpMessageReader / PartGenerator). Spring Framework 3.1.1.RELEASE predates WebFlux entirely - the org.springframework.http.codec package does not exist in this version, and there is no reactive multipart code path. Per NVD, affected versions are 5.3.x, 6.1.x, 6.2.x, 7.0.x only; Spring 3.x is not in the affected range." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a5cdfe60-6861-5b01-b70e-36822436fd56", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:19cf08e7-567f-5f3a-917c-8012a2c1889f", "id": "CVE-2026-41842", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41842 does not affect version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-webmvc-portlet. not_affected \u2014 Spring Framework 3.1.1 is NOT affected by CVE-2026-41842. The vulnerability exists in content-based version strategies for static resource handling, a feature introduced in Spring Framework 4.1 (2014). Spring 3.1.1 (2011) predates this feature and contains no version removal logic in resource handling." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0a1044df-dc58-5d3f-97b9-53ec389353be", "id": "CVE-2026-41843", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41843 does not affect version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-webmvc-portlet. not_affected \u2014 Spring Framework 3.1.1.RELEASE is not affected by CVE-2026-41843. The vulnerability requires the content-based version strategy feature (VersionResourceResolver, AbstractVersionStrategy, etc.) which was introduced in Spring Framework 4.1+. This feature does not exist in version 3.1.1, making the attack chain impossible." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ac298cf1-a5ff-5fd9-9010-b7b4f2615aec", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5b383828-e669-50a7-892c-da897525641b", "id": "CVE-2026-41845", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41845 does not affect version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-webmvc-portlet. not_affected \u2014 Spring Framework 3.1.1.RELEASE (2012) predates the ECMAScript 6 specification (2015) that introduced template literal syntax. While the code lacks escaping for backtick (`) and dollar sign ($) characters in JavaScriptUtils.javaScriptEscape(), these unescaped characters cannot lead to arbitrary JavaScript code execution in the pre-ES6 JavaScript environment this version was designed for. The att..." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0a5e582b-5091-57eb-b425-c20a18f4704f", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7e2fe852-08a9-5205-9698-d176f3f6829a", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0a9446cc-81f7-5177-bc15-65c7e0d65f31", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:544380a4-a833-5b25-9d14-b4651117c090", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f43848a2-f6a3-53a3-9b3e-21c4e2fc96db", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:dc2f4473-921e-59a1-9a92-74bc7cc23b95", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6cc77fc1-3fd9-5d17-acc3-1dda810692a2", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@3.1.1.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f5d73ca8-a3fd-5812-a4fe-2122747652c9", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 3.1.1.RELEASE-tuxcare.2 of org.springframework:spring-webmvc-portlet." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@3.1.1.RELEASE-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-webmvc-portlet@3.1.1.RELEASE-tuxcare.2" } ] }