{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:9f9e3471-a051-5af2-9350-61828aacddc8", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:npm/%40angular/http@8.0.3-tuxcare.2", "type": "library", "name": "@angular/http", "version": "8.0.3-tuxcare.2", "purl": "pkg:npm/%40angular/http@8.0.3-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:2fd8611f-2721-5a49-9936-d3ae30f02fb5", "id": "CVE-2021-4231", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-4231 is fixed in version 8.0.3-tuxcare.2 of @angular/http." }, "affects": [ { "ref": "pkg:npm/%40angular/http@8.0.3-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f1708179-a78b-5acb-ae9b-394616a3d94d", "id": "CVE-2025-66035", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-66035 is fixed in version 8.0.3-tuxcare.2 of @angular/http." }, "affects": [ { "ref": "pkg:npm/%40angular/http@8.0.3-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:02ba8626-bb2b-541c-9f05-611a00944573", "id": "CVE-2025-66412", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-66412 affects version 8.0.3-tuxcare.2 of @angular/http." }, "affects": [ { "ref": "pkg:npm/%40angular/http@8.0.3-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6c237274-a2d0-5ba1-a94b-6c90bfc9ce72", "id": "CVE-2026-22610", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22610 affects version 8.0.3-tuxcare.2 of @angular/http." }, "affects": [ { "ref": "pkg:npm/%40angular/http@8.0.3-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4357a7ec-ba73-5d52-96f8-c505823ddcaa", "id": "CVE-2026-27970", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-27970 affects version 8.0.3-tuxcare.2 of @angular/http." }, "affects": [ { "ref": "pkg:npm/%40angular/http@8.0.3-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ef839715-9019-5309-a7b8-56240c61fe0f", "id": "CVE-2026-41423", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41423 does not affect version 8.0.3-tuxcare.2 of @angular/http. not_affected \u2014 The target Angular version 8.0.3 is not affected by CVE-2026-41423. The vulnerability requires WHATWG URL API (introduced in Angular 8.2.x+) to manifest the hostname override behavior. Version 8.0.3 uses Node.js legacy url.parse() which does not interpret protocol-relative URLs as having attacker-controlled hostnames." }, "affects": [ { "ref": "pkg:npm/%40angular/http@8.0.3-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f8243e56-45ef-50b4-b86e-f584681cab7e", "id": "CVE-2026-46417", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-46417 affects version 8.0.3-tuxcare.2 of @angular/http." }, "affects": [ { "ref": "pkg:npm/%40angular/http@8.0.3-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:cc6956ef-ae63-5691-beeb-378f59f5dba6", "id": "CVE-2026-50168", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50168 affects version 8.0.3-tuxcare.2 of @angular/http." }, "affects": [ { "ref": "pkg:npm/%40angular/http@8.0.3-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4a05609a-a077-5f55-bca7-ff2d5b8adbf8", "id": "CVE-2026-50169", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50169 affects version 8.0.3-tuxcare.2 of @angular/http." }, "affects": [ { "ref": "pkg:npm/%40angular/http@8.0.3-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:be47121c-fa6e-5193-aee6-4cd110f75344", "id": "CVE-2026-50170", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-50170 does not affect version 8.0.3-tuxcare.2 of @angular/http. not_affected \u2014 The target Angular v8.0.3 is NOT affected by CVE-2026-50170. The vulnerability requires the HTTP transfer cache feature (packages/common/http/src/transfer_cache.ts) and client hydration mechanisms, which were introduced in Angular v16+. This version lacks the entire affected component." }, "affects": [ { "ref": "pkg:npm/%40angular/http@8.0.3-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:08eefc7e-a236-5d10-99c5-020bee3776e5", "id": "CVE-2026-50171", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50171 affects version 8.0.3-tuxcare.2 of @angular/http." }, "affects": [ { "ref": "pkg:npm/%40angular/http@8.0.3-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a174e4ea-9f95-5158-884b-d348e55bb15e", "id": "CVE-2026-50184", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50184 affects version 8.0.3-tuxcare.2 of @angular/http." }, "affects": [ { "ref": "pkg:npm/%40angular/http@8.0.3-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:51b26e91-eba6-58fc-8582-b0a208b0a9ec", "id": "CVE-2026-50555", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50555 affects version 8.0.3-tuxcare.2 of @angular/http." }, "affects": [ { "ref": "pkg:npm/%40angular/http@8.0.3-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:614e01ed-899a-5ea8-86e6-6420564cf47b", "id": "CVE-2026-50556", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50556 affects version 8.0.3-tuxcare.2 of @angular/http." }, "affects": [ { "ref": "pkg:npm/%40angular/http@8.0.3-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:415601c3-43da-53f0-bf43-a2702c5b5421", "id": "CVE-2026-50557", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50557 affects version 8.0.3-tuxcare.2 of @angular/http." }, "affects": [ { "ref": "pkg:npm/%40angular/http@8.0.3-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:68bbb6de-5c8e-5244-887c-8daaab6c1d7d", "id": "CVE-2026-52725", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-52725 affects version 8.0.3-tuxcare.2 of @angular/http." }, "affects": [ { "ref": "pkg:npm/%40angular/http@8.0.3-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1027b18f-4be4-5196-b09f-e7c026640ce8", "id": "CVE-2026-54264", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-54264 does not affect version 8.0.3-tuxcare.2 of @angular/http. not_affected \u2014 The target Angular service-worker version 8.0.3-tuxcare.4 is NOT AFFECTED by CVE-2026-54264. The vulnerability requires the service worker to copy and forward request headers during cross-origin redirects. This version never copies headers: the AssetGroup path creates fresh requests from URLs only (no header preservation), and the DataGroup path delegates to the browser's spec-compliant fetch A..." }, "affects": [ { "ref": "pkg:npm/%40angular/http@8.0.3-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:795f5dcf-5777-5de5-81ba-112d9682fade", "id": "CVE-2026-54265", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54265 affects version 8.0.3-tuxcare.2 of @angular/http." }, "affects": [ { "ref": "pkg:npm/%40angular/http@8.0.3-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:bfd30b8b-3309-54ea-9626-ce2cebd602db", "id": "CVE-2026-54266", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-54266 does not affect version 8.0.3-tuxcare.2 of @angular/http. not_affected \u2014 Angular 8.0.3-tuxcare.4 is NOT affected by CVE-2026-54266. The vulnerable HttpTransferCache feature with its weak DJB2 hash-based cache key generation does not exist in this version. HttpTransferCache was introduced in Angular v16+, while this target is v8.0.3." }, "affects": [ { "ref": "pkg:npm/%40angular/http@8.0.3-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:67162d2d-86d0-5908-8d4f-55228c60cc8c", "id": "CVE-2026-54267", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54267 affects version 8.0.3-tuxcare.2 of @angular/http." }, "affects": [ { "ref": "pkg:npm/%40angular/http@8.0.3-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:bf54ab65-59fa-5cd9-8c4c-b1b6a6d6b502", "id": "CVE-2026-54268", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54268 affects version 8.0.3-tuxcare.2 of @angular/http." }, "affects": [ { "ref": "pkg:npm/%40angular/http@8.0.3-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:npm/%40angular/http@8.0.3-tuxcare.2" } ] }