{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:e82c9157-15d0-534b-8b9f-4bc64082913e", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.4", "type": "library", "group": "org.springframework", "name": "spring-expression", "version": "4.1.7.RELEASE-tuxcare.4", "purl": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.4" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:9c92c5e0-25ae-53af-a521-d57e874f7760", "id": "CVE-2015-5211", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2015-5211 is fixed in version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:edf85561-619a-53f0-af4f-60af721aafce", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:8ac140bc-15fe-506f-bd30-2ade53f702f8", "id": "CVE-2016-5007", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2016-5007 is fixed in version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:7e6a6d5c-5244-5910-b023-8b0af2956ff4", "id": "CVE-2018-11039", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-11039 is fixed in version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:292eb984-5be4-5145-a32d-b65d9222a60e", "id": "CVE-2018-11040", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-11040 is fixed in version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:bddc5151-4e68-5ce3-b927-4718c0f4e820", "id": "CVE-2018-1257", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1257 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b4567305-fbfa-5cff-ba5f-48500e7cffe3", "id": "CVE-2018-1270", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1270 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:328bc90a-136e-5dd8-a038-3d0357810df9", "id": "CVE-2018-1271", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-1271 is fixed in version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:cb5ac788-b771-57e9-9427-884db0e3aeaf", "id": "CVE-2018-1272", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-1272 is fixed in version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a8715ecf-1575-562b-be13-10fb20036907", "id": "CVE-2018-1275", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1275 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:1c6d9d2d-6d78-5fb9-b036-18bd50d6f17c", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:3d97b45a-59ea-59c7-8cde-8e5f7dc20118", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:045e0d4a-4fb2-5d14-8faf-489cbf196816", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:3994b25a-0bc4-51a3-92ff-9b79d9919c19", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:07c27c7f-6306-5f6a-a6a5-6aefa0faf658", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:286135b7-aa38-52ab-9d7d-774b133937f7", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:337a6681-11ff-5603-b00e-c65d3444a91d", "id": "CVE-2022-22970", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22970 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:4a00bd41-b4c8-5473-ab7d-52ccb3ca8f90", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:2db2e54b-d8d2-5928-b2b4-8e16c078b057", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:45fe8a27-7287-58ec-a6bd-7a9b399807d3", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:9b89481f-f8b2-5846-8ab9-edb9aae5bb51", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:7aa04ae1-4557-5ec3-9b32-2f81a252cedc", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:9f1323fa-1dac-5243-8d9f-4bb5dfca059f", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:adb8c93c-f6fc-5d53-a2e8-733683b52d9d", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:0da2d60c-2728-5751-991c-253b69e38476", "id": "CVE-2024-38809", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38809 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:003268f0-4eb5-5976-b4ba-0303a1fd5510", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:26df0abd-9e74-5987-9969-41eaf08b1ea8", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:873b3e2f-5fdd-5fee-8f74-1c869163ca4d", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ef88727a-851f-564d-98ac-3ec3c0463cc2", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:0c03210a-f4c7-5c0c-a803-99d7d8163b0a", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.4" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.4" } ] }