{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:a5e286c6-110c-5ecb-a88d-84d0de6c052d", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:npm/%40angular/platform-webworker@7.2.11", "type": "library", "name": "@angular/platform-webworker", "version": "7.2.11", "purl": "pkg:npm/%40angular/platform-webworker@7.2.11" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:9ff407fa-1a8e-5190-8d56-268256b5dbf8", "id": "CVE-2021-4231", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-4231 affects version 7.2.11 of @angular/platform-webworker." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-webworker@7.2.11" } ] }, { "bom-ref": "urn:uuid:e5e6d33d-8de3-5324-be1f-46f37e475a98", "id": "CVE-2025-66412", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-66412 is fixed in version 7.2.11 of @angular/platform-webworker." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-webworker@7.2.11" } ] }, { "bom-ref": "urn:uuid:45906a7d-69d5-5ce1-92dd-50562a540d86", "id": "CVE-2026-22610", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22610 affects version 7.2.11 of @angular/platform-webworker." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-webworker@7.2.11" } ] }, { "bom-ref": "urn:uuid:6f7ad727-f8d3-5af5-8c30-d858453956c4", "id": "CVE-2026-27970", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-27970 affects version 7.2.11 of @angular/platform-webworker." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-webworker@7.2.11" } ] }, { "bom-ref": "urn:uuid:24286766-c1eb-5696-8d9d-895c7d641029", "id": "CVE-2026-41423", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41423 affects version 7.2.11 of @angular/platform-webworker." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-webworker@7.2.11" } ] }, { "bom-ref": "urn:uuid:78ef282e-a393-5812-a6a7-7f9884eb33b5", "id": "CVE-2026-46417", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-46417 affects version 7.2.11 of @angular/platform-webworker." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-webworker@7.2.11" } ] }, { "bom-ref": "urn:uuid:70c43d4d-05fc-522b-9570-8e4d5cee1a11", "id": "CVE-2026-50168", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-50168 does not affect version 7.2.11 of @angular/platform-webworker. not_affected \u2014 CVE-2026-50168 addresses vulnerabilities in the WHATWG URL-based parseUrl implementation and allowedHosts validation feature introduced in Angular's CVE-2026-41423 fix. The target (v7.2.11) uses a completely different architecture with Node.js legacy url.parse() and does not have the allowedHosts feature. The specific vulnerable code patterns that CVE-2026-50168 patches do not exist in this ver..." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-webworker@7.2.11" } ] }, { "bom-ref": "urn:uuid:558ec789-1a6a-5206-8c57-9156cc1fbd1a", "id": "CVE-2026-50169", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50169 affects version 7.2.11 of @angular/platform-webworker." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-webworker@7.2.11" } ] }, { "bom-ref": "urn:uuid:1073e929-a650-57c6-b8cb-c10678d603fa", "id": "CVE-2026-50170", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-50170 does not affect version 7.2.11 of @angular/platform-webworker. not_affected \u2014 Angular v7.2.11 is not affected by CVE-2026-50170. The HTTP Transfer Cache feature that is vulnerable does not exist in this version. The feature was introduced in Angular v16+, and v7.2.11 lacks the transfer_cache.ts module, withHttpTransferCache provider, and provideClientHydration functionality entirely." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-webworker@7.2.11" } ] }, { "bom-ref": "urn:uuid:c11b3e38-8f14-54be-b828-a66905a02e26", "id": "CVE-2026-50171", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50171 affects version 7.2.11 of @angular/platform-webworker." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-webworker@7.2.11" } ] }, { "bom-ref": "urn:uuid:690720c8-4440-5dab-bcff-8c5fd941b685", "id": "CVE-2026-50184", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50184 affects version 7.2.11 of @angular/platform-webworker." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-webworker@7.2.11" } ] }, { "bom-ref": "urn:uuid:dc679626-3ed4-5fb5-883c-d5fdc59a118d", "id": "CVE-2026-50555", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50555 affects version 7.2.11 of @angular/platform-webworker." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-webworker@7.2.11" } ] }, { "bom-ref": "urn:uuid:a5448588-c88f-5627-bd82-68fe14f7e201", "id": "CVE-2026-50556", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50556 affects version 7.2.11 of @angular/platform-webworker." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-webworker@7.2.11" } ] }, { "bom-ref": "urn:uuid:a3af48da-d4c8-5b3c-b95c-221ac3f93efb", "id": "CVE-2026-50557", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50557 affects version 7.2.11 of @angular/platform-webworker." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-webworker@7.2.11" } ] }, { "bom-ref": "urn:uuid:6b4628c5-fede-57d1-987c-b54f485a2a13", "id": "CVE-2026-52725", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-52725 affects version 7.2.11 of @angular/platform-webworker." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-webworker@7.2.11" } ] }, { "bom-ref": "urn:uuid:c99ade50-5f13-5bcc-a286-7ca5dfba5aa0", "id": "CVE-2026-54264", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-54264 does not affect version 7.2.11 of @angular/platform-webworker. not_affected \u2014 Angular 7.2.11-tuxcare.2 is not affected by CVE-2026-54264. The vulnerability concerns sensitive header leakage on cross-origin redirects in the request metadata preservation feature. This version predates that feature entirely - it strips ALL request headers when making network requests for assets, as evidenced by code comments and the absence of the newRequestWithMetadata method introduced in..." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-webworker@7.2.11" } ] }, { "bom-ref": "urn:uuid:e70fca6d-c10e-558d-a42f-dfbaf5d837e3", "id": "CVE-2026-54265", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-54265 does not affect version 7.2.11 of @angular/platform-webworker. not_affected \u2014 Angular 7.2.11-tuxcare.2 uses View Engine compiler architecture, not Ivy. The vulnerability (CVE-2026-54265) is specific to Ivy's template compiler pipeline where TwoWayProperty operations were missing from the sanitizer resolution switch. View Engine does not have TwoWayProperty operations; two-way bindings desugar early in the template parser to the same parsePropertyBinding() code path as on..." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-webworker@7.2.11" } ] }, { "bom-ref": "urn:uuid:789348d2-e608-54ec-b79b-8e751c233abe", "id": "CVE-2026-54266", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-54266 does not affect version 7.2.11 of @angular/platform-webworker. not_affected \u2014 Angular 7.2.11-tuxcare.2 is not affected by CVE-2026-54266. The HttpTransferCache feature that contains the weak hash vulnerability does not exist in this version - it was introduced in Angular 16." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-webworker@7.2.11" } ] }, { "bom-ref": "urn:uuid:31fe8dd3-6cab-513a-8def-9e112fb18202", "id": "CVE-2026-54267", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54267 affects version 7.2.11 of @angular/platform-webworker." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-webworker@7.2.11" } ] }, { "bom-ref": "urn:uuid:1a2004b0-a290-58af-8b77-769313826823", "id": "CVE-2026-54268", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54268 affects version 7.2.11 of @angular/platform-webworker." }, "affects": [ { "ref": "pkg:npm/%40angular/platform-webworker@7.2.11" } ] } ], "dependencies": [ { "ref": "pkg:npm/%40angular/platform-webworker@7.2.11" } ] }