{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:9a532650-46d9-5e9b-b95d-0e767432a7eb", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:npm/%40angular/forms@8.0.0-tuxcare.2", "type": "library", "name": "@angular/forms", "version": "8.0.0-tuxcare.2", "purl": "pkg:npm/%40angular/forms@8.0.0-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:e3e5f5e6-b965-5fde-a78b-97e2799b03b6", "id": "CVE-2021-4231", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-4231 affects version 8.0.0-tuxcare.2 of @angular/forms." }, "affects": [ { "ref": "pkg:npm/%40angular/forms@8.0.0-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8704c455-fc7f-5d85-ad4d-3eba913cad51", "id": "CVE-2025-66035", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-66035 is fixed in version 8.0.0-tuxcare.2 of @angular/forms." }, "affects": [ { "ref": "pkg:npm/%40angular/forms@8.0.0-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c725bc5e-1700-56f8-89a1-54afcba562b8", "id": "CVE-2025-66412", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-66412 is fixed in version 8.0.0-tuxcare.2 of @angular/forms." }, "affects": [ { "ref": "pkg:npm/%40angular/forms@8.0.0-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4c4a2b23-8c15-528f-8bdc-dc348985dcc5", "id": "CVE-2026-22610", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22610 affects version 8.0.0-tuxcare.2 of @angular/forms." }, "affects": [ { "ref": "pkg:npm/%40angular/forms@8.0.0-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2d7e2012-7bab-5731-a66d-c29597b4cc75", "id": "CVE-2026-27970", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-27970 affects version 8.0.0-tuxcare.2 of @angular/forms." }, "affects": [ { "ref": "pkg:npm/%40angular/forms@8.0.0-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:72e59aa9-8cba-5bd4-b3a9-7dd7a7c44f3c", "id": "CVE-2026-41423", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41423 does not affect version 8.0.0-tuxcare.2 of @angular/forms. not_affected \u2014 The target Angular 8.0.0 is not affected by CVE-2026-41423. The vulnerability exists only in newer Angular versions (17+) that use the WHATWG URL API. The target uses Node.js url.parse() which does not interpret protocol-relative URLs (//evil.com) as hostname overrides when used without a base URL parameter." }, "affects": [ { "ref": "pkg:npm/%40angular/forms@8.0.0-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:453b46de-bd14-5f39-af5c-0abe97146c8b", "id": "CVE-2026-46417", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-46417 affects version 8.0.0-tuxcare.2 of @angular/forms." }, "affects": [ { "ref": "pkg:npm/%40angular/forms@8.0.0-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:475b5f22-2902-597f-aef6-e6fa66f23886", "id": "CVE-2026-50168", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50168 affects version 8.0.0-tuxcare.2 of @angular/forms." }, "affects": [ { "ref": "pkg:npm/%40angular/forms@8.0.0-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a2f38f5c-6f92-54df-a150-f90c72f3bb55", "id": "CVE-2026-50169", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50169 affects version 8.0.0-tuxcare.2 of @angular/forms." }, "affects": [ { "ref": "pkg:npm/%40angular/forms@8.0.0-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:14b555be-919b-58d2-849a-1177b046b830", "id": "CVE-2026-50170", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-50170 does not affect version 8.0.0-tuxcare.2 of @angular/forms. not_affected \u2014 Angular v8.0.0 is not affected by CVE-2026-50170. The vulnerability requires the HTTP TransferCache feature (automatic caching of HTTP responses during SSR with client hydration), which was introduced in Angular v16+. Version 8.0.0 lacks the vulnerable code path entirely: no transfer_cache.ts, no transferCacheInterceptorFn, no shouldCacheRequest() function, and no automatic HTTP response cachin..." }, "affects": [ { "ref": "pkg:npm/%40angular/forms@8.0.0-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c8617b8a-1ad2-5c07-af7d-e85a2cb42dbe", "id": "CVE-2026-50171", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50171 affects version 8.0.0-tuxcare.2 of @angular/forms." }, "affects": [ { "ref": "pkg:npm/%40angular/forms@8.0.0-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:dbac61b1-2180-53b8-9949-2c15d4a2f179", "id": "CVE-2026-50184", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50184 affects version 8.0.0-tuxcare.2 of @angular/forms." }, "affects": [ { "ref": "pkg:npm/%40angular/forms@8.0.0-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ddaab135-5b99-5178-872c-a286a5b5d76f", "id": "CVE-2026-50555", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50555 affects version 8.0.0-tuxcare.2 of @angular/forms." }, "affects": [ { "ref": "pkg:npm/%40angular/forms@8.0.0-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4d0b9d3f-b355-58e2-b0f5-ba59e1403ac8", "id": "CVE-2026-50556", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50556 affects version 8.0.0-tuxcare.2 of @angular/forms." }, "affects": [ { "ref": "pkg:npm/%40angular/forms@8.0.0-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f3d3fbfe-47de-5a80-b84e-56c48693d37a", "id": "CVE-2026-50557", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50557 affects version 8.0.0-tuxcare.2 of @angular/forms." }, "affects": [ { "ref": "pkg:npm/%40angular/forms@8.0.0-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7dd27526-7457-530c-a826-d09acba70a56", "id": "CVE-2026-52725", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-52725 affects version 8.0.0-tuxcare.2 of @angular/forms." }, "affects": [ { "ref": "pkg:npm/%40angular/forms@8.0.0-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d3d30d6c-482f-5182-8500-e76192ffbab4", "id": "CVE-2026-54264", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-54264 does not affect version 8.0.0-tuxcare.2 of @angular/forms. not_affected \u2014 Target version 8.0.0-tuxcare.2 is NOT AFFECTED by CVE-2026-54264. The Service Worker implementation strips ALL request headers (including Authorization, Proxy-Authorization, and Cookie) when reconstructing network requests for asset fetches. This architectural design prevents sensitive headers from being forwarded to any destination, including cross-origin redirect targets." }, "affects": [ { "ref": "pkg:npm/%40angular/forms@8.0.0-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:628c05d9-85f9-5960-9149-10093fb3af80", "id": "CVE-2026-54265", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-54265 does not affect version 8.0.0-tuxcare.2 of @angular/forms. not_affected \u2014 Angular 8.0.0-tuxcare.2 is NOT affected by CVE-2026-54265. This vulnerability is specific to the Ivy template compiler pipeline introduced in Angular 9+. Angular 8.0.0 uses View Engine, which desugars two-way bindings through the same parsePropertyBinding() code path as one-way bindings, inherently applying schema-derived sanitization. The vulnerable TwoWayProperty operation and resolve_sanitiz..." }, "affects": [ { "ref": "pkg:npm/%40angular/forms@8.0.0-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c0d3555e-377c-5894-b4eb-8017fa3dc23e", "id": "CVE-2026-54266", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-54266 does not affect version 8.0.0-tuxcare.2 of @angular/forms. not_affected \u2014 Angular 8.0.0 does not contain the vulnerable HttpTransferCache feature. The CVE-2026-54266 vulnerability affects HttpTransferCache, which was introduced in Angular 9+. While this version has the underlying TransferState mechanism, it lacks the automatic HTTP request caching feature with the vulnerable DJB2 hash-based cache key generation." }, "affects": [ { "ref": "pkg:npm/%40angular/forms@8.0.0-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5e04696e-d7d2-5472-80a0-6178b976fb7f", "id": "CVE-2026-54267", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54267 affects version 8.0.0-tuxcare.2 of @angular/forms." }, "affects": [ { "ref": "pkg:npm/%40angular/forms@8.0.0-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f35f362e-207e-56a3-a56c-63a732060bc5", "id": "CVE-2026-54268", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54268 affects version 8.0.0-tuxcare.2 of @angular/forms." }, "affects": [ { "ref": "pkg:npm/%40angular/forms@8.0.0-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:npm/%40angular/forms@8.0.0-tuxcare.2" } ] }