{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:72eebc50-3539-59e0-9ecf-770c7e718d7a", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:npm/%40angular/benchpress@8.0.3-tuxcare.2", "type": "library", "name": "@angular/benchpress", "version": "8.0.3-tuxcare.2", "purl": "pkg:npm/%40angular/benchpress@8.0.3-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:ea2a5973-f4bf-5bed-a72f-a076e1028737", "id": "CVE-2021-4231", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-4231 is fixed in version 8.0.3-tuxcare.2 of @angular/benchpress." }, "affects": [ { "ref": "pkg:npm/%40angular/benchpress@8.0.3-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:88b439bb-1ee9-557b-bbfe-92d3fcdd23e6", "id": "CVE-2025-66035", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-66035 is fixed in version 8.0.3-tuxcare.2 of @angular/benchpress." }, "affects": [ { "ref": "pkg:npm/%40angular/benchpress@8.0.3-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:82fd9b6e-6dd4-5e4c-9fee-6b2a7975c2c8", "id": "CVE-2025-66412", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-66412 affects version 8.0.3-tuxcare.2 of @angular/benchpress." }, "affects": [ { "ref": "pkg:npm/%40angular/benchpress@8.0.3-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1d98b300-fe08-5660-af17-8e2730b54786", "id": "CVE-2026-22610", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22610 affects version 8.0.3-tuxcare.2 of @angular/benchpress." }, "affects": [ { "ref": "pkg:npm/%40angular/benchpress@8.0.3-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fde8d994-c128-5907-b5d6-52b2ef1871c2", "id": "CVE-2026-27970", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-27970 affects version 8.0.3-tuxcare.2 of @angular/benchpress." }, "affects": [ { "ref": "pkg:npm/%40angular/benchpress@8.0.3-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b00fcf79-b11f-5509-ac75-39a8a0a77fec", "id": "CVE-2026-41423", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41423 does not affect version 8.0.3-tuxcare.2 of @angular/benchpress. not_affected \u2014 The target Angular version 8.0.3 is not affected by CVE-2026-41423. The vulnerability requires WHATWG URL API (introduced in Angular 8.2.x+) to manifest the hostname override behavior. Version 8.0.3 uses Node.js legacy url.parse() which does not interpret protocol-relative URLs as having attacker-controlled hostnames." }, "affects": [ { "ref": "pkg:npm/%40angular/benchpress@8.0.3-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:31ada99b-a5e8-5216-aecc-84866ee39e88", "id": "CVE-2026-46417", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-46417 affects version 8.0.3-tuxcare.2 of @angular/benchpress." }, "affects": [ { "ref": "pkg:npm/%40angular/benchpress@8.0.3-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:45ff7882-12cd-52a2-903c-1b2806822e0f", "id": "CVE-2026-50168", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50168 affects version 8.0.3-tuxcare.2 of @angular/benchpress." }, "affects": [ { "ref": "pkg:npm/%40angular/benchpress@8.0.3-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:bbc212fc-46bb-5c36-a511-bac37824cc9c", "id": "CVE-2026-50169", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50169 affects version 8.0.3-tuxcare.2 of @angular/benchpress." }, "affects": [ { "ref": "pkg:npm/%40angular/benchpress@8.0.3-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9a498fa0-e56e-55cb-874f-bbf72f89f706", "id": "CVE-2026-50170", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-50170 does not affect version 8.0.3-tuxcare.2 of @angular/benchpress. not_affected \u2014 The target Angular v8.0.3 is NOT affected by CVE-2026-50170. The vulnerability requires the HTTP transfer cache feature (packages/common/http/src/transfer_cache.ts) and client hydration mechanisms, which were introduced in Angular v16+. This version lacks the entire affected component." }, "affects": [ { "ref": "pkg:npm/%40angular/benchpress@8.0.3-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:34d4582e-d583-5846-bedc-17a0d1493080", "id": "CVE-2026-50171", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50171 affects version 8.0.3-tuxcare.2 of @angular/benchpress." }, "affects": [ { "ref": "pkg:npm/%40angular/benchpress@8.0.3-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b599fc30-6a49-53fd-a87d-0aa3916dddf0", "id": "CVE-2026-50184", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50184 affects version 8.0.3-tuxcare.2 of @angular/benchpress." }, "affects": [ { "ref": "pkg:npm/%40angular/benchpress@8.0.3-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:607253bd-bca4-5dac-b56a-94c62b52d7f1", "id": "CVE-2026-50555", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50555 affects version 8.0.3-tuxcare.2 of @angular/benchpress." }, "affects": [ { "ref": "pkg:npm/%40angular/benchpress@8.0.3-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d18348a5-950a-5576-a6b6-99d342ded576", "id": "CVE-2026-50556", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50556 affects version 8.0.3-tuxcare.2 of @angular/benchpress." }, "affects": [ { "ref": "pkg:npm/%40angular/benchpress@8.0.3-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3e85fac1-9062-58b2-9640-5422520bb5dd", "id": "CVE-2026-50557", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50557 affects version 8.0.3-tuxcare.2 of @angular/benchpress." }, "affects": [ { "ref": "pkg:npm/%40angular/benchpress@8.0.3-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a60f65f0-7a86-5260-bf69-af29f65b9ede", "id": "CVE-2026-52725", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-52725 affects version 8.0.3-tuxcare.2 of @angular/benchpress." }, "affects": [ { "ref": "pkg:npm/%40angular/benchpress@8.0.3-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:bd496dbc-ec3c-5b89-9d1d-2de0e3a2b8a6", "id": "CVE-2026-54264", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-54264 does not affect version 8.0.3-tuxcare.2 of @angular/benchpress. not_affected \u2014 The target Angular service-worker version 8.0.3-tuxcare.4 is NOT AFFECTED by CVE-2026-54264. The vulnerability requires the service worker to copy and forward request headers during cross-origin redirects. This version never copies headers: the AssetGroup path creates fresh requests from URLs only (no header preservation), and the DataGroup path delegates to the browser's spec-compliant fetch A..." }, "affects": [ { "ref": "pkg:npm/%40angular/benchpress@8.0.3-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:34af819c-8df8-5140-8146-5afc88c65c5c", "id": "CVE-2026-54265", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54265 affects version 8.0.3-tuxcare.2 of @angular/benchpress." }, "affects": [ { "ref": "pkg:npm/%40angular/benchpress@8.0.3-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:52521780-6f31-5b4b-a480-563b789aa2d8", "id": "CVE-2026-54266", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-54266 does not affect version 8.0.3-tuxcare.2 of @angular/benchpress. not_affected \u2014 Angular 8.0.3-tuxcare.4 is NOT affected by CVE-2026-54266. The vulnerable HttpTransferCache feature with its weak DJB2 hash-based cache key generation does not exist in this version. HttpTransferCache was introduced in Angular v16+, while this target is v8.0.3." }, "affects": [ { "ref": "pkg:npm/%40angular/benchpress@8.0.3-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0819de10-ee46-5a30-89bd-29dd20d6a293", "id": "CVE-2026-54267", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54267 affects version 8.0.3-tuxcare.2 of @angular/benchpress." }, "affects": [ { "ref": "pkg:npm/%40angular/benchpress@8.0.3-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ec121a82-a95d-5230-b81c-510e9ba15aca", "id": "CVE-2026-54268", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54268 affects version 8.0.3-tuxcare.2 of @angular/benchpress." }, "affects": [ { "ref": "pkg:npm/%40angular/benchpress@8.0.3-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:npm/%40angular/benchpress@8.0.3-tuxcare.2" } ] }