{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:b5ac9cbc-3f44-570f-b289-077bddfcc09d", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:npm/%40angular/benchpress@11.2.11-tuxcare.2", "type": "library", "name": "@angular/benchpress", "version": "11.2.11-tuxcare.2", "purl": "pkg:npm/%40angular/benchpress@11.2.11-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:40b1ee81-afbc-5049-a3dc-4a415a939641", "id": "CVE-2025-66035", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-66035 is fixed in version 11.2.11-tuxcare.2 of @angular/benchpress." }, "affects": [ { "ref": "pkg:npm/%40angular/benchpress@11.2.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1958f256-8802-516d-8b23-8d91fae603af", "id": "CVE-2025-66412", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-66412 is fixed in version 11.2.11-tuxcare.2 of @angular/benchpress." }, "affects": [ { "ref": "pkg:npm/%40angular/benchpress@11.2.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:81bce060-fded-5217-b745-49c8786ed976", "id": "CVE-2026-22610", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22610 affects version 11.2.11-tuxcare.2 of @angular/benchpress." }, "affects": [ { "ref": "pkg:npm/%40angular/benchpress@11.2.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d02f5677-2ea0-5105-b78f-6456f7c7d15b", "id": "CVE-2026-27970", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-27970 affects version 11.2.11-tuxcare.2 of @angular/benchpress." }, "affects": [ { "ref": "pkg:npm/%40angular/benchpress@11.2.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2419419f-b73e-522d-8bfd-b55eda5f1e47", "id": "CVE-2026-41423", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41423 affects version 11.2.11-tuxcare.2 of @angular/benchpress." }, "affects": [ { "ref": "pkg:npm/%40angular/benchpress@11.2.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:650dc979-c7fb-5999-912b-2e09762a484d", "id": "CVE-2026-46417", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-46417 affects version 11.2.11-tuxcare.2 of @angular/benchpress." }, "affects": [ { "ref": "pkg:npm/%40angular/benchpress@11.2.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:caf4b0a3-7034-599e-9367-5094d6145a4f", "id": "CVE-2026-50168", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50168 affects version 11.2.11-tuxcare.2 of @angular/benchpress." }, "affects": [ { "ref": "pkg:npm/%40angular/benchpress@11.2.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:19947675-4c32-564f-bdcb-91c79a10e167", "id": "CVE-2026-50169", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50169 affects version 11.2.11-tuxcare.2 of @angular/benchpress." }, "affects": [ { "ref": "pkg:npm/%40angular/benchpress@11.2.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:81e95765-9aae-5d9b-9793-27a3aba6309a", "id": "CVE-2026-50170", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-50170 does not affect version 11.2.11-tuxcare.2 of @angular/benchpress. not_affected \u2014 Angular v11.2.11 is NOT AFFECTED by CVE-2026-50170. The vulnerability affects the HTTP transfer cache feature introduced in Angular v16+, which automatically caches HTTP responses during SSR and replays them during client hydration. This feature does not exist in v11.2.11. The target lacks the entire transfer_cache.ts module, withHttpTransferCache API, transferCacheInterceptorFn, and client hyd..." }, "affects": [ { "ref": "pkg:npm/%40angular/benchpress@11.2.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a34f9259-30f2-55ed-8bbf-23395a537d7a", "id": "CVE-2026-50171", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50171 affects version 11.2.11-tuxcare.2 of @angular/benchpress." }, "affects": [ { "ref": "pkg:npm/%40angular/benchpress@11.2.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:78e968c2-4817-5597-b54c-db8a7b8a55fb", "id": "CVE-2026-50184", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50184 affects version 11.2.11-tuxcare.2 of @angular/benchpress." }, "affects": [ { "ref": "pkg:npm/%40angular/benchpress@11.2.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0e8c054a-974a-54c0-bcc6-8232e403bdcd", "id": "CVE-2026-50555", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50555 affects version 11.2.11-tuxcare.2 of @angular/benchpress." }, "affects": [ { "ref": "pkg:npm/%40angular/benchpress@11.2.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:16c36fe9-18f3-557f-87cc-d06a4eaac07a", "id": "CVE-2026-50556", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50556 affects version 11.2.11-tuxcare.2 of @angular/benchpress." }, "affects": [ { "ref": "pkg:npm/%40angular/benchpress@11.2.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:de208eb1-3665-5219-aad2-d7ecc1d60077", "id": "CVE-2026-50557", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50557 affects version 11.2.11-tuxcare.2 of @angular/benchpress." }, "affects": [ { "ref": "pkg:npm/%40angular/benchpress@11.2.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ea2330b5-50e1-5924-a801-d4cc27450827", "id": "CVE-2026-52725", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-52725 affects version 11.2.11-tuxcare.2 of @angular/benchpress." }, "affects": [ { "ref": "pkg:npm/%40angular/benchpress@11.2.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:efe0f498-2bf5-5e66-acf5-cf3181a0e855", "id": "CVE-2026-54264", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-54264 does not affect version 11.2.11-tuxcare.2 of @angular/benchpress. not_affected \u2014 Angular 11.2.11-tuxcare.2 is NOT AFFECTED by CVE-2026-54264. The service worker in this version does not forward request headers during asset reconstruction, eliminating the cross-origin credential leak vulnerability. The vulnerable method `newRequestWithMetadata` that copies headers from the original request does not exist in this version." }, "affects": [ { "ref": "pkg:npm/%40angular/benchpress@11.2.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:eed78e7b-61a1-5c2d-9aaf-b53f0c2304b3", "id": "CVE-2026-54265", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-54265 does not affect version 11.2.11-tuxcare.2 of @angular/benchpress. not_affected \u2014 Angular 11.2.11 is not affected by CVE-2026-54265. The vulnerability targets the new Ivy compiler's TwoWayProperty operation in the template compilation pipeline, which does not exist in Angular 11.2.11. In this version, two-way bindings desugar through the same sanitization-aware parsePropertyBinding code path as one-way bindings, ensuring security-sensitive properties are properly sanitized." }, "affects": [ { "ref": "pkg:npm/%40angular/benchpress@11.2.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e65ee44d-7962-57df-90e3-942fc777bfde", "id": "CVE-2026-54266", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-54266 does not affect version 11.2.11-tuxcare.2 of @angular/benchpress. not_affected \u2014 Angular version 11.2.11 is not affected by CVE-2026-54266. The vulnerable HttpTransferCache feature with weak DJB2 hash-based cache key generation does not exist in this version. This feature was introduced in Angular v16, and version 11.2.11 predates it entirely." }, "affects": [ { "ref": "pkg:npm/%40angular/benchpress@11.2.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6a536c50-7be3-593f-ae8f-d416a43ac729", "id": "CVE-2026-54267", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54267 affects version 11.2.11-tuxcare.2 of @angular/benchpress." }, "affects": [ { "ref": "pkg:npm/%40angular/benchpress@11.2.11-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:18a4c8ab-87c6-5a04-b6a3-16185709f7f9", "id": "CVE-2026-54268", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54268 affects version 11.2.11-tuxcare.2 of @angular/benchpress." }, "affects": [ { "ref": "pkg:npm/%40angular/benchpress@11.2.11-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:npm/%40angular/benchpress@11.2.11-tuxcare.2" } ] }