{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:8668bf78-ea5e-56a5-baf4-e9374027f837", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.3", "type": "library", "group": "org.springframework", "name": "spring-expression", "version": "4.1.7.RELEASE-tuxcare.3", "purl": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:92fcf4c4-2a29-541c-81f6-6c75ffd8ed6f", "id": "CVE-2015-5211", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2015-5211 is fixed in version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:0b4d6fb5-03c1-5515-9923-13eaddad9dc8", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1f017120-6d27-5edd-a815-bcea0e212636", "id": "CVE-2016-5007", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2016-5007 is fixed in version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1cda53dc-524d-54b7-a01a-cd0af7ffcedd", "id": "CVE-2018-11039", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-11039 is fixed in version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e55a5f68-6863-57a3-9661-9b84dcb01773", "id": "CVE-2018-11040", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-11040 is fixed in version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:fd1bcf2b-3516-595a-9474-7698d2c66b41", "id": "CVE-2018-1257", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1257 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4b054d51-dad1-52a6-93cd-18cb9c0ec30e", "id": "CVE-2018-1270", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1270 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:fc371aab-9a66-540f-ba84-d5eb13a506d7", "id": "CVE-2018-1271", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-1271 is fixed in version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9bdd4b19-561d-594e-8f31-3ab44b7c341a", "id": "CVE-2018-1272", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-1272 is fixed in version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d3b29638-91f2-5f85-8e17-367309676b66", "id": "CVE-2018-1275", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1275 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:24c61961-6c9c-5f9c-9e81-4288cd51b647", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6c186e52-e398-52f2-a17c-95cbfbfb5d79", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f8695dc7-168b-5aca-91de-4c375adc7018", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3dd7a473-f681-533c-b094-17bb8161ae55", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9afb2b1c-f4e3-547e-a640-76f72c2075da", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c9378478-ac19-5e6b-bfb2-41bf860eea1e", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:19303930-decc-5cee-811e-1f50dbfa5d5b", "id": "CVE-2022-22970", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22970 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:acb94591-c26d-5f9f-9131-7eafc5642cef", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:540b5c65-9859-5e40-b1a7-d01b2d8ad6c3", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:61bb873a-3c75-5bd8-8bee-6a1e12e95312", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:67c323ab-3a02-5d18-9d1a-f9d5e4288ea7", "id": "CVE-2024-22243", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22243 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c97036d8-7d3e-5a89-b384-3cde538a00c7", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a07c124b-8778-5260-9419-cf9db059b761", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:229ccf78-9b63-5681-bbbf-c9ee6a63d3cf", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9e7a8968-2ca1-5ee3-b833-e589d475c8ed", "id": "CVE-2024-38809", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38809 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c3847b56-b388-571d-8ddf-4ad5d025e31e", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4ea34538-6300-50dd-8959-214488cbb601", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c71d1fcb-5394-5165-9571-b819b582bb5f", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9962be3b-2214-5857-8110-2abb28c7f8cf", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6391b364-ca8e-5666-b4a9-a4e842eb71a9", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.3" } ] }