{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:f1632002-297d-53ea-a3d0-3cad8edd5d16", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:npm/%40angular/router@7.2.11-tuxcare.1", "type": "library", "name": "@angular/router", "version": "7.2.11-tuxcare.1", "purl": "pkg:npm/%40angular/router@7.2.11-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:0deedd2a-ab58-59d8-bc8d-59511b3b7b55", "id": "CVE-2021-4231", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-4231 affects version 7.2.11-tuxcare.1 of @angular/router." }, "affects": [ { "ref": "pkg:npm/%40angular/router@7.2.11-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fc2fa5b3-b4d3-5fd6-9db6-63d48746a767", "id": "CVE-2025-66035", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-66035 is fixed in version 7.2.11-tuxcare.1 of @angular/router." }, "affects": [ { "ref": "pkg:npm/%40angular/router@7.2.11-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0f9aee8e-f44b-5664-b34e-4934545ab330", "id": "CVE-2025-66412", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-66412 is fixed in version 7.2.11-tuxcare.1 of @angular/router." }, "affects": [ { "ref": "pkg:npm/%40angular/router@7.2.11-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:dae5459b-2a2e-5a61-9029-10e0ff4c8ac1", "id": "CVE-2026-22610", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22610 affects version 7.2.11-tuxcare.1 of @angular/router." }, "affects": [ { "ref": "pkg:npm/%40angular/router@7.2.11-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:256c78e8-2894-58ee-8a04-8369766f5a35", "id": "CVE-2026-27970", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-27970 affects version 7.2.11-tuxcare.1 of @angular/router." }, "affects": [ { "ref": "pkg:npm/%40angular/router@7.2.11-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:58749250-aad0-5211-94c7-dbcfb2a3231e", "id": "CVE-2026-41423", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41423 affects version 7.2.11-tuxcare.1 of @angular/router." }, "affects": [ { "ref": "pkg:npm/%40angular/router@7.2.11-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:cce890a7-8028-580c-ad5d-763c6bf7fdc7", "id": "CVE-2026-46417", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-46417 affects version 7.2.11-tuxcare.1 of @angular/router." }, "affects": [ { "ref": "pkg:npm/%40angular/router@7.2.11-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6b56d27f-2801-596d-a8b4-1d3a52b45e06", "id": "CVE-2026-50168", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-50168 does not affect version 7.2.11-tuxcare.1 of @angular/router. not_affected \u2014 CVE-2026-50168 addresses vulnerabilities in the WHATWG URL-based parseUrl implementation and allowedHosts validation feature introduced in Angular's CVE-2026-41423 fix. The target (v7.2.11) uses a completely different architecture with Node.js legacy url.parse() and does not have the allowedHosts feature. The specific vulnerable code patterns that CVE-2026-50168 patches do not exist in this ver..." }, "affects": [ { "ref": "pkg:npm/%40angular/router@7.2.11-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9cc54d39-74b5-57d3-b4c9-a9b29161c410", "id": "CVE-2026-50169", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50169 affects version 7.2.11-tuxcare.1 of @angular/router." }, "affects": [ { "ref": "pkg:npm/%40angular/router@7.2.11-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1515d983-a86e-563b-8c7b-ccc2849eac19", "id": "CVE-2026-50170", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-50170 does not affect version 7.2.11-tuxcare.1 of @angular/router. not_affected \u2014 Angular v7.2.11 is not affected by CVE-2026-50170. The HTTP Transfer Cache feature that is vulnerable does not exist in this version. The feature was introduced in Angular v16+, and v7.2.11 lacks the transfer_cache.ts module, withHttpTransferCache provider, and provideClientHydration functionality entirely." }, "affects": [ { "ref": "pkg:npm/%40angular/router@7.2.11-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8f78bc4d-7c4e-5974-a0f4-df50357af1f1", "id": "CVE-2026-50171", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50171 affects version 7.2.11-tuxcare.1 of @angular/router." }, "affects": [ { "ref": "pkg:npm/%40angular/router@7.2.11-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fd4416ee-e8cd-582d-ab35-f587e3a0e9af", "id": "CVE-2026-50184", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50184 affects version 7.2.11-tuxcare.1 of @angular/router." }, "affects": [ { "ref": "pkg:npm/%40angular/router@7.2.11-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:df5d85ae-9e50-53cb-a07c-69f419ed37e7", "id": "CVE-2026-50555", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50555 affects version 7.2.11-tuxcare.1 of @angular/router." }, "affects": [ { "ref": "pkg:npm/%40angular/router@7.2.11-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b73f2a3d-4b73-5daa-bf8c-5f2363feb106", "id": "CVE-2026-50556", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50556 affects version 7.2.11-tuxcare.1 of @angular/router." }, "affects": [ { "ref": "pkg:npm/%40angular/router@7.2.11-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:40fea519-cb5f-51e8-b437-552774bad7e2", "id": "CVE-2026-50557", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-50557 affects version 7.2.11-tuxcare.1 of @angular/router." }, "affects": [ { "ref": "pkg:npm/%40angular/router@7.2.11-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:48bbcba0-8b01-5e6a-8624-eb826d8e0e31", "id": "CVE-2026-52725", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-52725 affects version 7.2.11-tuxcare.1 of @angular/router." }, "affects": [ { "ref": "pkg:npm/%40angular/router@7.2.11-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3e54305b-8a22-5dd3-8e71-22608db35dad", "id": "CVE-2026-54264", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-54264 does not affect version 7.2.11-tuxcare.1 of @angular/router. not_affected \u2014 Angular 7.2.11-tuxcare.2 is not affected by CVE-2026-54264. The vulnerability concerns sensitive header leakage on cross-origin redirects in the request metadata preservation feature. This version predates that feature entirely - it strips ALL request headers when making network requests for assets, as evidenced by code comments and the absence of the newRequestWithMetadata method introduced in..." }, "affects": [ { "ref": "pkg:npm/%40angular/router@7.2.11-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:aa374197-da50-5ee5-932d-2407eddc6367", "id": "CVE-2026-54265", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-54265 does not affect version 7.2.11-tuxcare.1 of @angular/router. not_affected \u2014 Angular 7.2.11-tuxcare.2 uses View Engine compiler architecture, not Ivy. The vulnerability (CVE-2026-54265) is specific to Ivy's template compiler pipeline where TwoWayProperty operations were missing from the sanitizer resolution switch. View Engine does not have TwoWayProperty operations; two-way bindings desugar early in the template parser to the same parsePropertyBinding() code path as on..." }, "affects": [ { "ref": "pkg:npm/%40angular/router@7.2.11-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:524a3072-6a93-5f70-bdc3-83056938031a", "id": "CVE-2026-54266", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-54266 does not affect version 7.2.11-tuxcare.1 of @angular/router. not_affected \u2014 Angular 7.2.11-tuxcare.2 is not affected by CVE-2026-54266. The HttpTransferCache feature that contains the weak hash vulnerability does not exist in this version - it was introduced in Angular 16." }, "affects": [ { "ref": "pkg:npm/%40angular/router@7.2.11-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:52cb0b1d-e8f6-5a17-b34a-843eb56bdcc6", "id": "CVE-2026-54267", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54267 affects version 7.2.11-tuxcare.1 of @angular/router." }, "affects": [ { "ref": "pkg:npm/%40angular/router@7.2.11-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:57746b60-dde4-5aa3-b981-2185f51fc696", "id": "CVE-2026-54268", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-54268 affects version 7.2.11-tuxcare.1 of @angular/router." }, "affects": [ { "ref": "pkg:npm/%40angular/router@7.2.11-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:npm/%40angular/router@7.2.11-tuxcare.1" } ] }