{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:5f8ac31f-2034-597d-b21f-31600c32fa22", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:npm/%40angular/platform-browser-dynamic@11.2.11-tuxcare.1", "type": "library", "name": "@angular/platform-browser-dynamic", "version": "11.2.11-tuxcare.1", "purl": "pkg:npm/%40angular/platform-browser-dynamic@11.2.11-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:3909716c-c3b6-5111-be5d-2fd3c1be37c9", "id": "CVE-2025-66035", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-66035 is fixed in version 11.2.11-tuxcare.1 of @angular/platform-browser-dynamic." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser-dynamic@11.2.11-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6fb645bd-10c2-5c54-964a-337fa43d6f0f", "id": "CVE-2025-66412", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-66412 affects version 11.2.11-tuxcare.1 of @angular/platform-browser-dynamic." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser-dynamic@11.2.11-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:adb0cc39-614f-5ce3-b33e-d50a37ddccef", "id": "CVE-2026-22610", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22610 affects version 11.2.11-tuxcare.1 of @angular/platform-browser-dynamic." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser-dynamic@11.2.11-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:13139536-e132-53df-8fa3-48b160358ba6", "id": "CVE-2026-27970", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-27970 affects version 11.2.11-tuxcare.1 of @angular/platform-browser-dynamic." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser-dynamic@11.2.11-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d09d995f-d447-5259-8671-2ec91d4be032", "id": "CVE-2026-41423", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41423 affects version 11.2.11-tuxcare.1 of @angular/platform-browser-dynamic." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser-dynamic@11.2.11-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d6c949ba-506e-5b45-a7a9-e0b46c45e9af", "id": "CVE-2026-46417", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-46417 affects version 11.2.11-tuxcare.1 of @angular/platform-browser-dynamic." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser-dynamic@11.2.11-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:11eb39be-896f-566b-8cf7-f659e92067b5", "id": "CVE-2026-50168", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50168 affects version 11.2.11-tuxcare.1 of @angular/platform-browser-dynamic." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser-dynamic@11.2.11-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1d9bdfbe-8283-5b61-aa2b-0da2147c20f6", "id": "CVE-2026-50169", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50169 affects version 11.2.11-tuxcare.1 of @angular/platform-browser-dynamic." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser-dynamic@11.2.11-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5745fa8c-9497-5860-a1fa-bdc411842572", "id": "CVE-2026-50170", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-50170 does not affect version 11.2.11-tuxcare.1 of @angular/platform-browser-dynamic. not_affected \u2014 Angular v11.2.11 is NOT AFFECTED by CVE-2026-50170. The vulnerability affects the HTTP transfer cache feature introduced in Angular v16+, which automatically caches HTTP responses during SSR and replays them during client hydration. This feature does not exist in v11.2.11. The target lacks the entire transfer_cache.ts module, withHttpTransferCache API, transferCacheInterceptorFn, and client hyd..." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser-dynamic@11.2.11-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:df255545-8ca8-57ad-9ca6-a68acf1c5626", "id": "CVE-2026-50171", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50171 affects version 11.2.11-tuxcare.1 of @angular/platform-browser-dynamic." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser-dynamic@11.2.11-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3955708d-2d2f-54cf-8cc0-1ebf523f6719", "id": "CVE-2026-50184", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50184 affects version 11.2.11-tuxcare.1 of @angular/platform-browser-dynamic." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser-dynamic@11.2.11-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:591ad2d0-4a76-5581-b766-f7f0664a9d5c", "id": "CVE-2026-50555", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50555 affects version 11.2.11-tuxcare.1 of @angular/platform-browser-dynamic." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser-dynamic@11.2.11-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a1e49998-1bc1-5f53-a779-a7e549028f04", "id": "CVE-2026-50556", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50556 affects version 11.2.11-tuxcare.1 of @angular/platform-browser-dynamic." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser-dynamic@11.2.11-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f3ee308e-af99-571d-bb14-65fae0d01499", "id": "CVE-2026-50557", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50557 affects version 11.2.11-tuxcare.1 of @angular/platform-browser-dynamic." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser-dynamic@11.2.11-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0923ac56-fe90-56f2-93ca-c010b389730b", "id": "CVE-2026-52725", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-52725 affects version 11.2.11-tuxcare.1 of @angular/platform-browser-dynamic." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser-dynamic@11.2.11-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ab19caf6-71cc-5fd6-b77c-22badf10abe9", "id": "CVE-2026-54264", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-54264 does not affect version 11.2.11-tuxcare.1 of @angular/platform-browser-dynamic. not_affected \u2014 Angular 11.2.11-tuxcare.2 is NOT AFFECTED by CVE-2026-54264. The service worker in this version does not forward request headers during asset reconstruction, eliminating the cross-origin credential leak vulnerability. The vulnerable method `newRequestWithMetadata` that copies headers from the original request does not exist in this version." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser-dynamic@11.2.11-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ad5a7dee-729d-512a-be89-0bbf62cc6533", "id": "CVE-2026-54265", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-54265 does not affect version 11.2.11-tuxcare.1 of @angular/platform-browser-dynamic. not_affected \u2014 Angular 11.2.11 is not affected by CVE-2026-54265. The vulnerability targets the new Ivy compiler's TwoWayProperty operation in the template compilation pipeline, which does not exist in Angular 11.2.11. In this version, two-way bindings desugar through the same sanitization-aware parsePropertyBinding code path as one-way bindings, ensuring security-sensitive properties are properly sanitized." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser-dynamic@11.2.11-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7ca5e91f-8fce-5d68-85b6-0704ce468ab4", "id": "CVE-2026-54266", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-54266 does not affect version 11.2.11-tuxcare.1 of @angular/platform-browser-dynamic. not_affected \u2014 Angular version 11.2.11 is not affected by CVE-2026-54266. The vulnerable HttpTransferCache feature with weak DJB2 hash-based cache key generation does not exist in this version. This feature was introduced in Angular v16, and version 11.2.11 predates it entirely." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser-dynamic@11.2.11-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:df5a1d72-da5a-52f6-ba1c-a170e9aae047", "id": "CVE-2026-54267", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54267 affects version 11.2.11-tuxcare.1 of @angular/platform-browser-dynamic." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser-dynamic@11.2.11-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2d008abe-b7e1-5bb3-9e87-af1874caf2af", "id": "CVE-2026-54268", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54268 affects version 11.2.11-tuxcare.1 of @angular/platform-browser-dynamic." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser-dynamic@11.2.11-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:npm/%40angular/platform-browser-dynamic@11.2.11-tuxcare.1" } ] }