{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:7c1ef507-e24f-5580-872c-ae29a52bd471", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-webmvc@4.1.7.RELEASE-tuxcare.2", "type": "library", "group": "org.springframework", "name": "spring-webmvc", "version": "4.1.7.RELEASE-tuxcare.2", "purl": "pkg:maven/org.springframework/spring-webmvc@4.1.7.RELEASE-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:30331aa5-7de9-530c-847e-a18f1e317c96", "id": "CVE-2015-5211", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2015-5211 is fixed in version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:caa5c5be-38c8-59d9-8263-a3eea6340b28", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f3adf7da-8e24-5308-a818-9fca38ba0d21", "id": "CVE-2016-5007", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2016-5007 is fixed in version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3e7f705f-d140-5de2-a999-f7a5d1f7de1a", "id": "CVE-2018-11039", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-11039 is fixed in version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d43712c4-9f2e-5bb3-b477-9cb9685f8317", "id": "CVE-2018-11040", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-11040 is fixed in version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:13bc4502-9c68-51d2-9261-c5858e32302f", "id": "CVE-2018-1257", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1257 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7902f8b7-784c-5887-88d2-6e39d4319182", "id": "CVE-2018-1270", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1270 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2da796f1-7727-5bfb-b1c4-d7e385fdfe4f", "id": "CVE-2018-1271", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-1271 is fixed in version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f611bde0-f499-5e44-8cdf-07c3d40f77f3", "id": "CVE-2018-1272", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-1272 is fixed in version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0a8122aa-190c-548b-8ac5-d020c82022b6", "id": "CVE-2018-1275", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1275 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5c873b0d-2dd5-5feb-94b6-75e581e37107", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:432e8c44-6648-5f2e-8c61-0f3b896cf18d", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d3c76406-26c2-5f67-8885-e4ec636de564", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f3eb0c4f-f967-5447-b643-5e9b28fc71d2", "id": "CVE-2022-22950", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22950 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4098465d-69c2-5838-8477-79ae3796c581", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:bf587f5b-155f-5fc7-914e-3c8ccd8c8131", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a7d8d873-d953-5ad6-b50b-5d3973c4fe85", "id": "CVE-2022-22970", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22970 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:364f647e-0088-5a73-8cc0-372d05f92afd", "id": "CVE-2022-22971", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22971 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d2c2892c-6e45-5b7f-b6f8-99195f107eed", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3115aa3f-c319-5bbf-9adf-7783fbedebf7", "id": "CVE-2023-20863", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20863 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:95b7a965-9f57-56e6-9763-9f353e6c0dd7", "id": "CVE-2024-22243", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22243 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6c3ebf70-9d35-571e-becf-4f049797bbe7", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5bbd55e7-ac0a-5512-9236-c3ddd928371e", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8bf191cc-dd31-59e5-81d6-c3f893497aa1", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:db10e074-20cd-5060-833f-081009c6320a", "id": "CVE-2024-38809", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38809 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:deb1a68f-f9db-58b6-a9ce-a6390515d599", "id": "CVE-2024-38820", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38820 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:09857ac1-77d8-5ede-900b-6979adedde14", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:57991767-7f2c-555e-89f6-58716542be2e", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:32b2fa4d-fecc-55dc-b42e-822942ca0508", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e2176c84-f809-5661-aeee-493e22ce07c6", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f16f9bfa-c9ed-53c3-ae8e-c2bbb2e52ead", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:61129b56-e1e4-5283-bb41-f6ac2c45e9fe", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:11025436-f74f-58db-acb5-50f3c5306d28", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:cc01d848-92fa-55ce-b1c0-6568e11ccfb2", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:aba7cc2e-18dc-554a-92f3-28c4ed7e73bf", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:28e92281-7a37-53f2-9f74-9268fdb93b4a", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:99e95330-77b5-5f11-88bc-53c248879b07", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:cb6095b3-c2fd-5cd0-84d9-d0dd641a82d8", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:59347caf-3d88-5d25-9231-a6ba0329add1", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3cdb5360-736b-5b53-a9e6-af2a92aa0ac5", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b658a17c-2810-533b-8187-5093c6370f1f", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:72f17748-5c8d-55c7-b30b-fc62ee5c1a69", "id": "CVE-2026-41852", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41852 does not affect version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-webmvc. not_affected \u2014 Spring Framework 4.1.7.RELEASE is not affected by CVE-2026-41852. The vulnerability requires record-style property accessor support (empty-prefix method lookup), which was introduced in Spring 5.2+ and does not exist in version 4.1.7. While this version lacks void return type validation for getter methods, it cannot invoke arbitrary zero-argument methods as described in the CVE." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:95891148-ab73-506c-b24d-ab1c4c1907e8", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fefcae58-22e8-5a4b-8fe6-37a804b22413", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.1.7.RELEASE-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.1.7.RELEASE-tuxcare.2" } ] }