{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:5a3f7b36-a1db-59f4-923a-32ca7e267208", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:npm/%40angular/platform-browser@11.2.11", "type": "library", "name": "@angular/platform-browser", "version": "11.2.11", "purl": "pkg:npm/%40angular/platform-browser@11.2.11" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:82ef0751-072d-5a24-971b-4690354da625", "id": "CVE-2026-22610", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22610 affects version 11.2.11 of @angular/platform-browser." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser@11.2.11" } ] }, { "bom-ref": "urn:uuid:d7a3f5c5-722f-560c-8d1d-94048b6513ae", "id": "CVE-2026-27970", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-27970 affects version 11.2.11 of @angular/platform-browser." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser@11.2.11" } ] }, { "bom-ref": "urn:uuid:802de4b1-f260-5a4b-92a4-4460dc1d5f88", "id": "CVE-2026-41423", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41423 affects version 11.2.11 of @angular/platform-browser." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser@11.2.11" } ] }, { "bom-ref": "urn:uuid:8fab0e9a-4e71-550b-9e95-b86d42b59093", "id": "CVE-2026-46417", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-46417 affects version 11.2.11 of @angular/platform-browser." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser@11.2.11" } ] }, { "bom-ref": "urn:uuid:00e4717b-583f-580c-a08f-ad945b702f7d", "id": "CVE-2026-50168", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50168 affects version 11.2.11 of @angular/platform-browser." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser@11.2.11" } ] }, { "bom-ref": "urn:uuid:79fe0700-93db-5d4b-aa67-55449a448158", "id": "CVE-2026-50169", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50169 affects version 11.2.11 of @angular/platform-browser." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser@11.2.11" } ] }, { "bom-ref": "urn:uuid:02638d2b-3722-59d6-9a9d-82f41c67512c", "id": "CVE-2026-50170", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-50170 does not affect version 11.2.11 of @angular/platform-browser. not_affected \u2014 Angular v11.2.11 is NOT AFFECTED by CVE-2026-50170. The vulnerability affects the HTTP transfer cache feature introduced in Angular v16+, which automatically caches HTTP responses during SSR and replays them during client hydration. This feature does not exist in v11.2.11. The target lacks the entire transfer_cache.ts module, withHttpTransferCache API, transferCacheInterceptorFn, and client hyd..." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser@11.2.11" } ] }, { "bom-ref": "urn:uuid:a44842f9-0f36-5a9e-a3b0-4c968511daba", "id": "CVE-2026-50171", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50171 affects version 11.2.11 of @angular/platform-browser." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser@11.2.11" } ] }, { "bom-ref": "urn:uuid:5c7c9d43-bfb0-5aac-a563-ada27d65baf3", "id": "CVE-2026-50184", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50184 affects version 11.2.11 of @angular/platform-browser." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser@11.2.11" } ] }, { "bom-ref": "urn:uuid:b92b37e8-c35e-5183-88be-307a30302d3b", "id": "CVE-2026-50555", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50555 affects version 11.2.11 of @angular/platform-browser." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser@11.2.11" } ] }, { "bom-ref": "urn:uuid:189febb9-0fe0-5b95-bbac-0db9669e5629", "id": "CVE-2026-50556", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50556 affects version 11.2.11 of @angular/platform-browser." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser@11.2.11" } ] }, { "bom-ref": "urn:uuid:000af283-cad9-5317-a312-8fb5a3ae2e10", "id": "CVE-2026-50557", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50557 affects version 11.2.11 of @angular/platform-browser." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser@11.2.11" } ] }, { "bom-ref": "urn:uuid:c71ab883-98ec-5c85-be3f-0a1496f2e0d6", "id": "CVE-2026-52725", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-52725 affects version 11.2.11 of @angular/platform-browser." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser@11.2.11" } ] }, { "bom-ref": "urn:uuid:6cf8c37e-ab89-5978-941a-74a51d53871c", "id": "CVE-2026-54264", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-54264 does not affect version 11.2.11 of @angular/platform-browser. not_affected \u2014 Angular 11.2.11-tuxcare.2 is NOT AFFECTED by CVE-2026-54264. The service worker in this version does not forward request headers during asset reconstruction, eliminating the cross-origin credential leak vulnerability. The vulnerable method `newRequestWithMetadata` that copies headers from the original request does not exist in this version." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser@11.2.11" } ] }, { "bom-ref": "urn:uuid:c1b86018-59e3-538d-854e-6a024ed3db46", "id": "CVE-2026-54265", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-54265 does not affect version 11.2.11 of @angular/platform-browser. not_affected \u2014 Angular 11.2.11 is not affected by CVE-2026-54265. The vulnerability targets the new Ivy compiler's TwoWayProperty operation in the template compilation pipeline, which does not exist in Angular 11.2.11. In this version, two-way bindings desugar through the same sanitization-aware parsePropertyBinding code path as one-way bindings, ensuring security-sensitive properties are properly sanitized." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser@11.2.11" } ] }, { "bom-ref": "urn:uuid:c89e885b-3684-54ed-a7b4-db8c53783703", "id": "CVE-2026-54266", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-54266 does not affect version 11.2.11 of @angular/platform-browser. not_affected \u2014 Angular version 11.2.11 is not affected by CVE-2026-54266. The vulnerable HttpTransferCache feature with weak DJB2 hash-based cache key generation does not exist in this version. This feature was introduced in Angular v16, and version 11.2.11 predates it entirely." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser@11.2.11" } ] }, { "bom-ref": "urn:uuid:7f00455a-ef3d-50e5-b39c-d8375738e396", "id": "CVE-2026-54267", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54267 affects version 11.2.11 of @angular/platform-browser." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser@11.2.11" } ] }, { "bom-ref": "urn:uuid:dc8108a2-970b-53ff-bcb6-11051388d13f", "id": "CVE-2026-54268", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54268 affects version 11.2.11 of @angular/platform-browser." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-browser@11.2.11" } ] } ], "dependencies": [ { "ref": "pkg:npm/%40angular/platform-browser@11.2.11" } ] }