{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:c030c723-8b22-5f56-b3e9-1f61c277215b", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:npm/%40angular/forms@8.0.3-tuxcare.1", "type": "library", "name": "@angular/forms", "version": "8.0.3-tuxcare.1", "purl": "pkg:npm/%40angular/forms@8.0.3-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:ec25e86c-f137-59a1-bb62-fc4e0c92d78b", "id": "CVE-2021-4231", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-4231 affects version 8.0.3-tuxcare.1 of @angular/forms." }, "affects": [ { "ref": "pkg:npm/%40angular/forms@8.0.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e1311a9a-cce2-5637-876b-6da928a430e6", "id": "CVE-2025-66035", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-66035 affects version 8.0.3-tuxcare.1 of @angular/forms." }, "affects": [ { "ref": "pkg:npm/%40angular/forms@8.0.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7521d313-8295-57de-bb3f-0e4e6fc7071d", "id": "CVE-2025-66412", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-66412 affects version 8.0.3-tuxcare.1 of @angular/forms." }, "affects": [ { "ref": "pkg:npm/%40angular/forms@8.0.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4558e965-e7f3-5342-b399-d3d9681e2288", "id": "CVE-2026-22610", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22610 affects version 8.0.3-tuxcare.1 of @angular/forms." }, "affects": [ { "ref": "pkg:npm/%40angular/forms@8.0.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5058a0d0-a28a-5645-9fad-89c025cf81c2", "id": "CVE-2026-27970", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-27970 affects version 8.0.3-tuxcare.1 of @angular/forms." }, "affects": [ { "ref": "pkg:npm/%40angular/forms@8.0.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8f834e1c-1153-5feb-92e9-a1f6a6faf507", "id": "CVE-2026-41423", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41423 does not affect version 8.0.3-tuxcare.1 of @angular/forms. not_affected \u2014 The target Angular version 8.0.3 is not affected by CVE-2026-41423. The vulnerability requires WHATWG URL API (introduced in Angular 8.2.x+) to manifest the hostname override behavior. Version 8.0.3 uses Node.js legacy url.parse() which does not interpret protocol-relative URLs as having attacker-controlled hostnames." }, "affects": [ { "ref": "pkg:npm/%40angular/forms@8.0.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b4da5cd1-e292-5dfd-a356-473a26d3bc8c", "id": "CVE-2026-46417", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-46417 affects version 8.0.3-tuxcare.1 of @angular/forms." }, "affects": [ { "ref": "pkg:npm/%40angular/forms@8.0.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2ac79a04-ea8e-50c9-a96b-8da2c0b3c918", "id": "CVE-2026-50168", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50168 affects version 8.0.3-tuxcare.1 of @angular/forms." }, "affects": [ { "ref": "pkg:npm/%40angular/forms@8.0.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5284e23e-2767-59fb-98fc-dec3cc87aa5c", "id": "CVE-2026-50169", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50169 affects version 8.0.3-tuxcare.1 of @angular/forms." }, "affects": [ { "ref": "pkg:npm/%40angular/forms@8.0.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6dc87e20-6922-5a7e-9861-5054d1b6b8d1", "id": "CVE-2026-50170", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-50170 does not affect version 8.0.3-tuxcare.1 of @angular/forms. not_affected \u2014 The target Angular v8.0.3 is NOT affected by CVE-2026-50170. The vulnerability requires the HTTP transfer cache feature (packages/common/http/src/transfer_cache.ts) and client hydration mechanisms, which were introduced in Angular v16+. This version lacks the entire affected component." }, "affects": [ { "ref": "pkg:npm/%40angular/forms@8.0.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:42b14522-add6-5315-93bc-0bfbd0cd5e75", "id": "CVE-2026-50171", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50171 affects version 8.0.3-tuxcare.1 of @angular/forms." }, "affects": [ { "ref": "pkg:npm/%40angular/forms@8.0.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f98bc4fe-dde9-581c-815b-4aeabc9c3d50", "id": "CVE-2026-50184", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50184 affects version 8.0.3-tuxcare.1 of @angular/forms." }, "affects": [ { "ref": "pkg:npm/%40angular/forms@8.0.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f7800803-c591-561c-90b0-7a2c14902194", "id": "CVE-2026-50555", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50555 affects version 8.0.3-tuxcare.1 of @angular/forms." }, "affects": [ { "ref": "pkg:npm/%40angular/forms@8.0.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c01948c3-ba31-52e5-856e-1ee6f35a6c13", "id": "CVE-2026-50556", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50556 affects version 8.0.3-tuxcare.1 of @angular/forms." }, "affects": [ { "ref": "pkg:npm/%40angular/forms@8.0.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f3d80d8f-adbe-5be9-af02-38182e588e83", "id": "CVE-2026-50557", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50557 affects version 8.0.3-tuxcare.1 of @angular/forms." }, "affects": [ { "ref": "pkg:npm/%40angular/forms@8.0.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4082425d-7b0f-5301-9b44-500501e92355", "id": "CVE-2026-52725", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-52725 affects version 8.0.3-tuxcare.1 of @angular/forms." }, "affects": [ { "ref": "pkg:npm/%40angular/forms@8.0.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c5e566bb-0b38-522f-b01a-55aa7804437b", "id": "CVE-2026-54264", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-54264 does not affect version 8.0.3-tuxcare.1 of @angular/forms. not_affected \u2014 The target Angular service-worker version 8.0.3-tuxcare.4 is NOT AFFECTED by CVE-2026-54264. The vulnerability requires the service worker to copy and forward request headers during cross-origin redirects. This version never copies headers: the AssetGroup path creates fresh requests from URLs only (no header preservation), and the DataGroup path delegates to the browser's spec-compliant fetch A..." }, "affects": [ { "ref": "pkg:npm/%40angular/forms@8.0.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ea97322a-e085-5c7b-b7b8-fe680a8610e8", "id": "CVE-2026-54265", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54265 affects version 8.0.3-tuxcare.1 of @angular/forms." }, "affects": [ { "ref": "pkg:npm/%40angular/forms@8.0.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:37504b46-6d28-5ed8-a6a9-34b8fe10853a", "id": "CVE-2026-54266", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-54266 does not affect version 8.0.3-tuxcare.1 of @angular/forms. not_affected \u2014 Angular 8.0.3-tuxcare.4 is NOT affected by CVE-2026-54266. The vulnerable HttpTransferCache feature with its weak DJB2 hash-based cache key generation does not exist in this version. HttpTransferCache was introduced in Angular v16+, while this target is v8.0.3." }, "affects": [ { "ref": "pkg:npm/%40angular/forms@8.0.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c7d2589f-1363-5a0a-9da5-1d35a84cabda", "id": "CVE-2026-54267", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54267 affects version 8.0.3-tuxcare.1 of @angular/forms." }, "affects": [ { "ref": "pkg:npm/%40angular/forms@8.0.3-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2cb2a68e-ca2d-5998-b199-edeaa4e87a18", "id": "CVE-2026-54268", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54268 affects version 8.0.3-tuxcare.1 of @angular/forms." }, "affects": [ { "ref": "pkg:npm/%40angular/forms@8.0.3-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:npm/%40angular/forms@8.0.3-tuxcare.1" } ] }