{
  "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
  "bomFormat": "CycloneDX",
  "specVersion": "1.6",
  "serialNumber": "urn:uuid:40029bb6-5827-504d-9a27-ee7579d8e592",
  "version": 1,
  "metadata": {
    "tools": [
      {
        "name": "tuxcare-vex-generator",
        "version": "1.0.0"
      }
    ]
  },
  "components": [
    {
      "bom-ref": "pkg:npm/%40angular/http@9.1.13-tuxcare.10",
      "type": "library",
      "name": "@angular/http",
      "version": "9.1.13-tuxcare.10",
      "purl": "pkg:npm/%40angular/http@9.1.13-tuxcare.10"
    }
  ],
  "vulnerabilities": [
    {
      "bom-ref": "urn:uuid:b61104bb-4c33-5996-9c5d-4253a785ddc0",
      "id": "CVE-2021-4231",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2021-4231 is fixed in version 9.1.13-tuxcare.10 of @angular/http."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/http@9.1.13-tuxcare.10"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:a7599264-7628-5b97-a4d3-d4952980a9d5",
      "id": "CVE-2025-66035",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2025-66035 affects version 9.1.13-tuxcare.10 of @angular/http."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/http@9.1.13-tuxcare.10"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:eb95ca52-7039-5808-b4d2-9855fae7eecd",
      "id": "CVE-2025-66412",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2025-66412 is fixed in version 9.1.13-tuxcare.10 of @angular/http."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/http@9.1.13-tuxcare.10"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:1cd9678e-86e0-5a38-945d-e8d7f4296660",
      "id": "CVE-2026-22610",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2026-22610 is fixed in version 9.1.13-tuxcare.10 of @angular/http."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/http@9.1.13-tuxcare.10"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:fbf6cd16-d595-5294-8e72-2a3e2b4c866f",
      "id": "CVE-2026-27970",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2026-27970 is fixed in version 9.1.13-tuxcare.10 of @angular/http."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/http@9.1.13-tuxcare.10"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:ecc57e6a-3404-569c-ba89-9fc37c8afa38",
      "id": "CVE-2026-41423",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2026-41423 is fixed in version 9.1.13-tuxcare.10 of @angular/http."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/http@9.1.13-tuxcare.10"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:8cf77851-7d2f-54d9-8eb9-c14a831d728b",
      "id": "CVE-2026-46417",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2026-46417 is fixed in version 9.1.13-tuxcare.10 of @angular/http."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/http@9.1.13-tuxcare.10"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:892df605-1169-5bff-9c7f-114affc1abc8",
      "id": "CVE-2026-50168",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2026-50168 is fixed in version 9.1.13-tuxcare.10 of @angular/http."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/http@9.1.13-tuxcare.10"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:1f25c18c-a198-57ba-93b2-4c20ec373989",
      "id": "CVE-2026-50169",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2026-50169 is fixed in version 9.1.13-tuxcare.10 of @angular/http."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/http@9.1.13-tuxcare.10"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:8851df3c-c1f7-5f43-bf06-6f20e1c8371a",
      "id": "CVE-2026-50170",
      "analysis": {
        "state": "not_affected",
        "detail": "Vulnerability CVE-2026-50170 does not affect version 9.1.13-tuxcare.10 of @angular/http. Angular v9.1.13 is not affected by CVE-2026-50170. The vulnerability exists in Angular's HttpTransferCache feature, which was introduced in Angular v16+. This feature does not exist in v9.1.13, making the vulnerability pattern impossible to manifest."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/http@9.1.13-tuxcare.10"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:442ba62e-a0a0-5b8a-808f-a9cec6af1e17",
      "id": "CVE-2026-50171",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2026-50171 is fixed in version 9.1.13-tuxcare.10 of @angular/http."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/http@9.1.13-tuxcare.10"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:420a4336-5973-5f2f-bca5-260f450c07aa",
      "id": "CVE-2026-50184",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2026-50184 is fixed in version 9.1.13-tuxcare.10 of @angular/http."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/http@9.1.13-tuxcare.10"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:ba607cab-1b65-5df1-a159-c033432449e5",
      "id": "CVE-2026-50555",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2026-50555 is fixed in version 9.1.13-tuxcare.10 of @angular/http."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/http@9.1.13-tuxcare.10"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:65a2457c-4fcb-51b5-9f7f-6960e8e84f75",
      "id": "CVE-2026-50556",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2026-50556 is fixed in version 9.1.13-tuxcare.10 of @angular/http."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/http@9.1.13-tuxcare.10"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:dd4043e4-567c-54de-95bd-b3e25bdfb176",
      "id": "CVE-2026-50557",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2026-50557 is fixed in version 9.1.13-tuxcare.10 of @angular/http."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/http@9.1.13-tuxcare.10"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:63390f84-fca9-528e-a2db-132bafb7fb42",
      "id": "CVE-2026-52725",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2026-52725 is fixed in version 9.1.13-tuxcare.10 of @angular/http."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/http@9.1.13-tuxcare.10"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:aa704708-b204-50cb-8ddd-2057cdec4e8f",
      "id": "CVE-2026-54264",
      "analysis": {
        "state": "not_affected",
        "detail": "Vulnerability CVE-2026-54264 does not affect version 9.1.13-tuxcare.10 of @angular/http. Angular 9.1.13 is not affected by CVE-2026-54264. The target repository uses a fundamentally different request reconstruction architecture than the vulnerable upstream versions (22.0+). The vulnerability requires the presence of header-copying logic during request reconstruction, which does not exist in this version."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/http@9.1.13-tuxcare.10"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:de7b15dd-e637-5d1a-818a-1cf9201f0faf",
      "id": "CVE-2026-54265",
      "analysis": {
        "state": "not_affected",
        "detail": "Vulnerability CVE-2026-54265 does not affect version 9.1.13-tuxcare.10 of @angular/http. Angular 9.1.13-tuxcare.9 is NOT AFFECTED by CVE-2026-54265. The vulnerability exists in the newer Ivy compiler's template/pipeline architecture where TwoWayProperty operations bypass sanitizer resolution. This version uses View Engine and early render3 (Ivy) implementations where two-way bindings desugar through the same parsePropertyBinding() path as one-way bindings, ensuring identical sanitizer ..."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/http@9.1.13-tuxcare.10"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:3901c515-f0c7-5434-af96-6e06b3e3c604",
      "id": "CVE-2026-54266",
      "analysis": {
        "state": "not_affected",
        "detail": "Vulnerability CVE-2026-54266 does not affect version 9.1.13-tuxcare.10 of @angular/http. Angular 9.1.13-tuxcare.9 does not contain the HttpTransferCache feature. The vulnerability CVE-2026-54266 affects the hash generation in HttpTransferCache, a feature introduced in Angular v16+. The target version (9.1.13) predates this feature by many major versions. While TransferState (generic state serialization) exists in v9, there is no HTTP caching integration that uses it. The packages/c..."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/http@9.1.13-tuxcare.10"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:85da9175-9e25-5b30-9987-c21c28979a3c",
      "id": "CVE-2026-54267",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2026-54267 is fixed in version 9.1.13-tuxcare.10 of @angular/http."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/http@9.1.13-tuxcare.10"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:3da1a7c3-6a44-5bd6-900c-22aea20b6a33",
      "id": "CVE-2026-54268",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2026-54268 is fixed in version 9.1.13-tuxcare.10 of @angular/http."
      },
      "affects": [
        {
          "ref": "pkg:npm/%40angular/http@9.1.13-tuxcare.10"
        }
      ]
    }
  ],
  "dependencies": [
    {
      "ref": "pkg:npm/%40angular/http@9.1.13-tuxcare.10"
    }
  ]
}