{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:482f9300-ce86-5b22-89ca-cff3bb38c056", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:npm/%40angular/platform-webworker@7.2.1-tuxcare.1", "type": "library", "name": "@angular/platform-webworker", "version": "7.2.1-tuxcare.1", "purl": "pkg:npm/%40angular/platform-webworker@7.2.1-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:5a391f41-23dc-5e18-af4f-f6f73171af27", "id": "CVE-2021-4231", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-4231 affects version 7.2.1-tuxcare.1 of @angular/platform-webworker." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-webworker@7.2.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3c925bdc-5735-593d-a6e0-203b3b74d3ae", "id": "CVE-2025-66035", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-66035 is fixed in version 7.2.1-tuxcare.1 of @angular/platform-webworker." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-webworker@7.2.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:396f0ed4-dc6d-5f6f-b8f8-a864287014d8", "id": "CVE-2025-66412", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-66412 affects version 7.2.1-tuxcare.1 of @angular/platform-webworker." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-webworker@7.2.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f34a23ce-54de-5005-8a87-b6c2bf07c6f6", "id": "CVE-2026-22610", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22610 affects version 7.2.1-tuxcare.1 of @angular/platform-webworker." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-webworker@7.2.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:85878d1f-529d-5639-af7f-0c5b114670c2", "id": "CVE-2026-27970", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-27970 affects version 7.2.1-tuxcare.1 of @angular/platform-webworker." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-webworker@7.2.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2c1f30f5-ce12-5f10-8915-43aa8963d760", "id": "CVE-2026-41423", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41423 does not affect version 7.2.1-tuxcare.1 of @angular/platform-webworker. not_affected \u2014 Angular v7.2.1-tuxcare.2 is NOT affected by CVE-2026-41423. The vulnerability requires WHATWG URL parsing with hostname exposure, but this version uses Node.js url.parse() and does not expose hostname/protocol/port properties. The architectural difference between v7.2.1 (legacy url.parse, no hostname tracking) and v8.2.14+ (WHATWG URL, hostname tracking) means the vulnerability pattern does not..." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-webworker@7.2.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9009ef35-e3cd-5c09-bcea-069f5dad23ab", "id": "CVE-2026-46417", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-46417 affects version 7.2.1-tuxcare.1 of @angular/platform-webworker." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-webworker@7.2.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:acdfb4d3-ad68-59f0-88d4-9525e48e1df8", "id": "CVE-2026-50168", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50168 affects version 7.2.1-tuxcare.1 of @angular/platform-webworker." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-webworker@7.2.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e47dbc2c-73e9-5a6e-b49b-7c017c37e75c", "id": "CVE-2026-50169", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50169 affects version 7.2.1-tuxcare.1 of @angular/platform-webworker." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-webworker@7.2.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:bc909083-9f04-5496-a13e-981d83fc0163", "id": "CVE-2026-50170", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-50170 does not affect version 7.2.1-tuxcare.1 of @angular/platform-webworker. not_affected \u2014 Angular v7.2.1-tuxcare.2 is not affected by CVE-2026-50170. The HTTP Transfer Cache feature that contains the vulnerability does not exist in this version. The feature was introduced in Angular v16+, while this target is v7.2.1." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-webworker@7.2.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f1e82142-1d05-5a4f-9539-046ab861cbe5", "id": "CVE-2026-50171", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50171 affects version 7.2.1-tuxcare.1 of @angular/platform-webworker." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-webworker@7.2.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d3ffba71-b7b8-5ffa-801d-01eceec8908a", "id": "CVE-2026-50184", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50184 affects version 7.2.1-tuxcare.1 of @angular/platform-webworker." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-webworker@7.2.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ebb73344-7850-539f-9f22-a294f3e2edb2", "id": "CVE-2026-50555", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50555 affects version 7.2.1-tuxcare.1 of @angular/platform-webworker." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-webworker@7.2.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d01b4f18-5aec-5a62-b899-3c5bdd503b1f", "id": "CVE-2026-50556", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50556 affects version 7.2.1-tuxcare.1 of @angular/platform-webworker." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-webworker@7.2.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:31822acd-e37f-5650-bba2-84247b699414", "id": "CVE-2026-50557", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50557 affects version 7.2.1-tuxcare.1 of @angular/platform-webworker." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-webworker@7.2.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:06f53566-6b00-5f5d-82ae-24b3f23436da", "id": "CVE-2026-52725", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-52725 affects version 7.2.1-tuxcare.1 of @angular/platform-webworker." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-webworker@7.2.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e0156c32-7b3e-5062-98c3-3e84f1abc802", "id": "CVE-2026-54264", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-54264 does not affect version 7.2.1-tuxcare.1 of @angular/platform-webworker. not_affected \u2014 The target Angular v7.2.1-tuxcare.2 is NOT AFFECTED by CVE-2026-54264. The vulnerability pattern (service worker forwarding sensitive headers on cross-origin redirects) does not exist in this version's architecture. Asset-group requests are reconstructed from URLs only without headers, and data-group requests delegate to the browser's native fetch which handles redirects per Fetch specification." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-webworker@7.2.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4c402d28-6bd9-5c70-a7b8-2b41e4aa2d44", "id": "CVE-2026-54265", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-54265 does not affect version 7.2.1-tuxcare.1 of @angular/platform-webworker. not_affected \u2014 Angular 7.2.1 uses View Engine, not Ivy. CVE-2026-54265 is specific to Ivy's template pipeline and the TwoWayProperty operation kind, which does not exist in View Engine. In View Engine, two-way bindings are desugared at parse time into separate property and event bindings, with the property binding receiving identical sanitization as one-way bindings through the same code path." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-webworker@7.2.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:cb74a9cb-bfa9-5177-b098-db1f911e36e5", "id": "CVE-2026-54266", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-54266 does not affect version 7.2.1-tuxcare.1 of @angular/platform-webworker. not_affected \u2014 Angular v7.2.1 is not affected by CVE-2026-54266. The HttpTransferCache feature containing the vulnerable weak hash function does not exist in this version. The feature was introduced in Angular v16+, while the target repository is Angular v7.2.1-tuxcare.2." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-webworker@7.2.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f1ac901b-7a48-5bac-b46d-a1f74048d162", "id": "CVE-2026-54267", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54267 affects version 7.2.1-tuxcare.1 of @angular/platform-webworker." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-webworker@7.2.1-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7da391b8-428a-58c4-87e5-7dfa130a8102", "id": "CVE-2026-54268", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54268 affects version 7.2.1-tuxcare.1 of @angular/platform-webworker." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-webworker@7.2.1-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:npm/%40angular/platform-webworker@7.2.1-tuxcare.1" } ] }