{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:705aefd3-2542-51eb-a827-6041b06e7628", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-webmvc@4.1.7.RELEASE-tuxcare.4", "type": "library", "group": "org.springframework", "name": "spring-webmvc", "version": "4.1.7.RELEASE-tuxcare.4", "purl": "pkg:maven/org.springframework/spring-webmvc@4.1.7.RELEASE-tuxcare.4" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:7026e5d2-d037-55e2-8316-9aee5729dea7", "id": "CVE-2015-5211", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2015-5211 is fixed in version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:3b3cf05f-eca0-5cdc-82c4-2d0e17e374de", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:2d44d6a9-5651-553d-9034-fdd6345c126d", "id": "CVE-2016-5007", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2016-5007 is fixed in version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:4d2dbba6-cd19-538c-a23d-3a61d85beaf3", "id": "CVE-2018-11039", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-11039 is fixed in version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:59e516a0-eddc-5926-9b73-b0bd218aeb07", "id": "CVE-2018-11040", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-11040 is fixed in version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a3b43f56-5ed5-517f-a025-848806662896", "id": "CVE-2018-1257", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1257 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:7b244a10-220d-5810-acca-4b963c1ecda9", "id": "CVE-2018-1270", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1270 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:383a8fde-248f-5ac2-90b6-63b752e8cc76", "id": "CVE-2018-1271", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-1271 is fixed in version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:875a3360-870e-5697-8526-169e94a98c86", "id": "CVE-2018-1272", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-1272 is fixed in version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e9eafbd8-85bd-5490-baf5-387946cf9227", "id": "CVE-2018-1275", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1275 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:eb54148c-a4fd-5586-a483-757d6301bf21", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:575dffb4-f3f6-5616-9704-bb6b6b9170ad", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:6bd3d3e7-f2d7-5de4-bbc8-2aa55952ebb6", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:96768f12-bbf4-5570-810b-a10f81b4aaee", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:cabbdd5d-f629-5a24-879d-42a8cf2fc271", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:6bd0b6c4-69d6-5e21-9d96-aab927e9dbe8", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c3f79aa9-3dc1-5dc8-ac53-38b2d7d5a257", "id": "CVE-2022-22970", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22970 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:219149ee-94ad-5e50-8db3-3df60be5061d", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:f15676ac-a52d-59e0-92dc-bad97a504dda", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:bc4d345f-ed5c-59b6-9b0b-cb2f8aae961b", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:5dae167a-99cd-5b45-8387-05ef9ea4e64f", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e5d3d562-6e34-5dab-b19c-661417e65bde", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:07544a3c-d42a-5388-95b6-1901408422bd", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:8c95b3df-7836-553f-9d48-fd4d5b938103", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a8d47e88-d7b7-5b62-b2e8-43e4c4db1437", "id": "CVE-2024-38809", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38809 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:7cd69f77-c789-5c19-862c-fce66b612dbc", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:61478c54-17dc-5e08-9802-17f16c6f6990", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d8b1cdee-a3ba-57e2-8191-3211dca9f9b6", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:bbb403dc-b4a1-5656-9071-2c636dd19198", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d7ae620f-8517-5af3-a8f8-b5af51d09901", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:39b594b2-5ddf-5668-96f2-b393a9e45eaf", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:179db39d-8580-5224-805e-0fa7305a781b", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ca486cf9-11ed-5807-b464-4e3635651a8e", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:cc0e20d4-f811-51ab-b924-8691d8603133", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:56781e10-4e94-53b4-a871-e4e1cf76b7fb", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:6b63267d-8d89-518c-92fa-9be50ad3e5e7", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:0caf72be-81af-53ff-a172-b5b53071a6ae", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:9c390160-b5eb-554f-a7ef-71a902e1de56", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ddb26e68-8031-5d69-8807-9f59ab5c4537", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:2677783b-8a31-5505-9d98-0da6f47d22c5", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d4f5ce4d-b018-5a79-90a8-0dada74aa96f", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:107f3b5a-9d47-5c24-ab3c-db47dd309b1c", "id": "CVE-2026-41852", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41852 does not affect version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-webmvc. not_affected \u2014 Spring Framework 4.1.7.RELEASE is not affected by CVE-2026-41852. The vulnerability requires record-style property accessor support (empty-prefix method lookup), which was introduced in Spring 5.2+ and does not exist in version 4.1.7. While this version lacks void return type validation for getter methods, it cannot invoke arbitrary zero-argument methods as described in the CVE." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:3d26db70-f649-5bf5-b912-1ab19a4ae236", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:424338f9-8cb2-5c5a-98a1-2499c9e8381a", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.1.7.RELEASE-tuxcare.4" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@4.1.7.RELEASE-tuxcare.4" } ] }