{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3e8acf3d-7c25-58e5-87f9-a34888176038", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.3", "type": "library", "group": "org.springframework", "name": "spring-expression", "version": "4.0.0.RELEASE-tuxcare.3", "purl": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:d9b9ce83-dd3c-5422-9bc8-72b6b3459c7f", "id": "CVE-2014-0054", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-0054 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f4acee46-8ba7-5cde-adc5-7fdca65bec73", "id": "CVE-2014-0225", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-0225 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:955b4eb6-06c6-5e8a-91a9-c03d615766e0", "id": "CVE-2014-1904", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-1904 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3e6ecac8-29b5-52cc-adeb-4456605ce7be", "id": "CVE-2014-3578", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-3578 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1ab5f8ca-4adb-597b-8145-0e93cf2f9ae9", "id": "CVE-2014-3625", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-3625 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d8ef42a1-5ba5-5970-82e7-923c3223db94", "id": "CVE-2015-3192", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2015-3192 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2768cb2e-3bef-5f4d-99bd-8b75e51b2e69", "id": "CVE-2015-5211", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2015-5211 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ffa39a08-d0b4-5b3c-b84b-199fcb4bfb27", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:efaf38ed-7948-5c8e-8318-9f6f96c78044", "id": "CVE-2016-5007", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2016-5007 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6890ef89-f39d-5d1f-887d-8184b24b9904", "id": "CVE-2016-9878", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2016-9878 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:bc14e878-1899-5bd1-b5d3-58b98b8c8541", "id": "CVE-2018-11039", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-11039 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4f0c3bd8-ff0f-59f9-99b5-414c804a0672", "id": "CVE-2018-11040", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11040 affects version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:0dfe9e10-8605-5c86-9032-8fbffdcf04cb", "id": "CVE-2018-1257", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2018-1257 is a false positive for org.springframework:spring-expression 4.0.0.RELEASE-tuxcare.3." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5b697fff-8253-5751-944a-34375e4685c3", "id": "CVE-2018-1270", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1270 affects version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c1bec1f0-b667-5316-9a6c-00f15aa0f0c3", "id": "CVE-2018-1271", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-1271 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a930daa7-648b-58cf-af5c-e90ae5e0ba00", "id": "CVE-2018-1272", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-1272 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5ea75b4c-3ccd-5e6d-b51d-e9a4585589c3", "id": "CVE-2018-1275", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1275 affects version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f32e5220-6901-5dc5-bd3e-cc1501ac8219", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:999461de-9728-53ce-937c-dbff34fc3ae3", "id": "CVE-2021-22060", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22060 affects version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1613a377-b681-5d9f-85ad-fbe4ed4f410a", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f9350f79-c155-5c0b-be88-7928e5a9863e", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:0d2985b4-6883-5a5c-a380-6562f640dd40", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ecf5a4ec-9276-5a36-9a4d-4c3ab84cf83e", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:92715cb3-2ad3-562c-916c-64fc91c4654e", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e97d92ff-aa7d-5d10-93a7-c59e35ff7b29", "id": "CVE-2022-22970", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22970 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e76c230e-8268-5f77-b97a-e72d198036de", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4bf7fa5f-0197-5fdf-a682-5476afbf824b", "id": "CVE-2023-20861", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20861 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:49415c6e-414a-5cb9-bec3-60d1a16ce2af", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:10ce405f-a5de-56bc-829e-976da55fc6d0", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:00bef877-f63e-5c03-bd13-453da356723b", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b123a9e4-63d2-5457-a532-156010b7ffb2", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:bc6c20fa-02a1-5fb0-83eb-87ac3b7338e9", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8c96011d-4d23-5609-af6e-03ce98d750d1", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:bbe8b03b-7959-56b9-8fb7-a657c2554285", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e5513aa8-2127-567d-8f82-aed42429b875", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9102dfb9-848b-5fe7-b696-128d272654b2", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:61fbe510-d173-5b61-a38f-fde91ee275c3", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ef190b17-d50a-54d6-9dde-1e5d73769708", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b4f21822-742a-5b8a-88fb-5007324fda40", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2fef4e19-0695-52be-a4b0-83d156686b2b", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:41073513-7083-5bb6-b490-ac81b751a3b3", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.3" } ] }