{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:de4ed61a-e56b-5539-8758-0371c73c7f16", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-webmvc@3.1.1.RELEASE-tuxcare.1", "type": "library", "group": "org.springframework", "name": "spring-webmvc", "version": "3.1.1.RELEASE-tuxcare.1", "purl": "pkg:maven/org.springframework/spring-webmvc@3.1.1.RELEASE-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:7cd2d07c-7bbf-5bef-8654-b858714b1a5d", "id": "CVE-2013-4152", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2013-4152 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:654bdcd0-9497-593d-84be-f2d52506d910", "id": "CVE-2013-6429", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2013-6429 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1e2bc84b-c4e5-5266-9364-42ced5544468", "id": "CVE-2013-6430", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2013-6430 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:66a62472-2714-5f11-ad0d-44af8cc6216e", "id": "CVE-2013-7315", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-7315 affects version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e0427e78-256c-5bb8-a99c-9c655ad024a1", "id": "CVE-2014-0054", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-0054 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:47ac3eb2-0c25-541b-83cd-56aa2b082d04", "id": "CVE-2014-0225", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-0225 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b7f8eeea-7577-5fd8-8ff2-e56d913635c2", "id": "CVE-2014-1904", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-1904 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4dc6a48e-ba8a-5f43-8635-89ff0c5288c4", "id": "CVE-2014-3578", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-3578 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3eb6b01e-b2e4-549b-be30-0eb44302b43c", "id": "CVE-2014-3625", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-3625 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5243e5f2-4caa-5dc3-865d-edd0b5e4a44a", "id": "CVE-2015-3192", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2015-3192 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1536def6-4278-59bc-b836-506823b593a5", "id": "CVE-2015-5211", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2015-5211 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8c7d32a9-b0c0-503c-b967-9e45478d7ba8", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:91037070-159d-5b82-a088-3306edb74f0e", "id": "CVE-2016-5007", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-5007 affects version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2ab643e6-13e4-5f2e-b1f4-a05be1526d02", "id": "CVE-2016-9878", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2016-9878 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1f384ae6-fdba-5545-a957-7f0812ed49f5", "id": "CVE-2018-11039", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-11039 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f31e8f0d-b28e-5555-966e-54a01d1f164c", "id": "CVE-2018-11040", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2018-11040 is a false positive for org.springframework:spring-webmvc 3.1.1.RELEASE-tuxcare.1." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8cfe4f26-5821-5f01-a4be-9e91402d4225", "id": "CVE-2018-1257", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2018-1257 is a false positive for org.springframework:spring-webmvc 3.1.1.RELEASE-tuxcare.1." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d79be553-a887-54b8-a219-8300a38f9a04", "id": "CVE-2018-1270", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2018-1270 is a false positive for org.springframework:spring-webmvc 3.1.1.RELEASE-tuxcare.1." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:451318e4-9f39-598b-b618-115412fca177", "id": "CVE-2018-1271", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-1271 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ba71abee-875e-59d6-a7f0-a00f5bd2dea6", "id": "CVE-2018-1272", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-1272 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ba7db97e-8617-569c-947c-d6ece389013e", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:61a8c608-3456-57ad-8063-f73703e3502a", "id": "CVE-2021-22060", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22060 affects version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:92ab3657-544e-5099-8a74-779abd52cbf5", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:745f8c0d-ccc6-501e-b25b-f53b04621166", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:143ed6f6-3abd-5412-925c-adc01093a0cb", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6edc38ec-cd95-52ab-903f-7e6d7dc57b1a", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:bf86e46b-85b5-5aad-9b06-713e6515802c", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:748f0997-4476-5f7d-b21d-0faf6a5e748b", "id": "CVE-2022-22970", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22970 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:89a77500-e9bd-5f27-be9d-6ce845a53d39", "id": "CVE-2023-20861", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20861 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:96da39f3-fcae-515b-8ad6-c8aa8a618f7e", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f0f96e6f-64df-5a9a-b4f3-47112ab51e8d", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fecb5f86-0c1e-50eb-a447-37aa0c5d8eff", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:82677745-184b-58f1-ac8d-869f1c871123", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8b2ea2b6-d000-5ce9-a225-859622dbeff1", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:247b95cf-e7b7-5f3e-ada4-4ece2582c289", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:030616b5-8d50-5ef0-bb7d-f7e23f2db4ac", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d8b480b0-8573-5122-895e-47fe60814afd", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:643d0a6a-2803-579e-8087-0003af6267f4", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b175efad-b0ca-5958-9848-7a58ebc40b00", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b0550a09-3a98-5d89-a0a0-5fba657079ff", "id": "CVE-2025-41242", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41242 is a false positive for org.springframework:spring-webmvc 3.1.1.RELEASE-tuxcare.1." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b83b05bc-b905-5de9-bdde-8846675bf099", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f2b5963a-9f80-5f6e-a05f-7f1f57886de3", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:41d7ccc2-d803-5f62-af98-02c7bc4eca8c", "id": "CVE-2026-22740", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-22740 does not affect version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-webmvc. CVE-2026-22740 is a WebFlux-specific vulnerability (reactive multipart temp-file cleanup in org.springframework.http.codec.multipart.MultipartHttpMessageReader / PartGenerator). Spring Framework 3.1.1.RELEASE predates WebFlux entirely - the org.springframework.http.codec package does not exist in this version, and there is no reactive multipart code path. Per NVD, affected versions are 5.3.x, 6.1.x, 6.2.x, 7.0.x only; Spring 3.x is not in the affected range." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3e49b99c-a835-5e25-8c36-5bedb122dee3", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c08ac057-b54c-5faf-8b1e-cbab8a434f1b", "id": "CVE-2026-41842", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41842 does not affect version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-webmvc. not_affected \u2014 Spring Framework 3.1.1 is NOT affected by CVE-2026-41842. The vulnerability exists in content-based version strategies for static resource handling, a feature introduced in Spring Framework 4.1 (2014). Spring 3.1.1 (2011) predates this feature and contains no version removal logic in resource handling." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:42684e55-d74d-5c47-a7fd-0bf37dbc63fb", "id": "CVE-2026-41843", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41843 does not affect version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-webmvc. not_affected \u2014 Spring Framework 3.1.1.RELEASE is not affected by CVE-2026-41843. The vulnerability requires the content-based version strategy feature (VersionResourceResolver, AbstractVersionStrategy, etc.) which was introduced in Spring Framework 4.1+. This feature does not exist in version 3.1.1, making the attack chain impossible." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:78dca5b0-37d9-5908-aa09-39c0188f332a", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a386b71f-2641-5d44-bf11-b1251af39cb2", "id": "CVE-2026-41845", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41845 does not affect version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-webmvc. not_affected \u2014 Spring Framework 3.1.1.RELEASE (2012) predates the ECMAScript 6 specification (2015) that introduced template literal syntax. While the code lacks escaping for backtick (`) and dollar sign ($) characters in JavaScriptUtils.javaScriptEscape(), these unescaped characters cannot lead to arbitrary JavaScript code execution in the pre-ES6 JavaScript environment this version was designed for. The att..." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d5c4cb0f-a50a-50b2-a4a6-d534b8f94249", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4491f425-c0cf-5684-9bbc-b7393e33e214", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fdbcaf56-e479-5319-8e64-56105504ffec", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:77f2d119-59ee-5466-bea5-2789061469f1", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:23e9fe76-696d-5aa9-a6e7-717e4b7009d4", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:35958a6b-8314-5b11-b396-3341fbea4802", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ee562bf1-1394-5035-9b66-cbc87aa09d92", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@3.1.1.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:611826f7-7b4a-5f60-b2b2-2965e1760822", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 3.1.1.RELEASE-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@3.1.1.RELEASE-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@3.1.1.RELEASE-tuxcare.1" } ] }