{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:9499370b-7752-54d1-9177-ea5fa3a2f272", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-expression@4.2.9.RELEASE-tuxcare.1", "type": "library", "group": "org.springframework", "name": "spring-expression", "version": "4.2.9.RELEASE-tuxcare.1", "purl": "pkg:maven/org.springframework/spring-expression@4.2.9.RELEASE-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:1572967d-5bf9-555a-b6f3-b829f68c9544", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 4.2.9.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.2.9.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4c39377a-cf99-5279-b7bd-5485ecf774b7", "id": "CVE-2016-5007", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-5007 affects version 4.2.9.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.2.9.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:76390c98-f6c8-5f51-91d6-a9b2b475cc60", "id": "CVE-2018-1257", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1257 affects version 4.2.9.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.2.9.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:65fbd6cd-27c3-5b53-b9c0-3944a9025754", "id": "CVE-2018-1270", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1270 affects version 4.2.9.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.2.9.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a572932b-ee15-5d99-891a-b698d38ed987", "id": "CVE-2018-1271", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-1271 is fixed in version 4.2.9.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.2.9.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:eee6f892-23e1-5983-887f-4432371184de", "id": "CVE-2018-1272", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1272 affects version 4.2.9.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.2.9.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1b058aa8-3bea-5ffe-98fe-e05aca8b734c", "id": "CVE-2018-1275", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-1275 is fixed in version 4.2.9.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.2.9.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d58702f6-d73c-521e-9f9e-44b8c50bb6c5", "id": "CVE-2018-15756", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-15756 is fixed in version 4.2.9.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.2.9.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:90dee48c-1828-5d4e-8de5-d6ff3e6acb07", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 4.2.9.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.2.9.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:47d10b6a-1b2b-5b4f-bc79-795085c42825", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 4.2.9.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.2.9.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:18bdac19-bd7c-52f5-8ab8-c8d50fd4b155", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 4.2.9.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.2.9.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:361b6a53-83d4-5ac5-8943-1361a5c3eb62", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 4.2.9.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.2.9.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d3fb5bf1-bf70-5b34-8830-e3461bac8b93", "id": "CVE-2022-22965", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22965 affects version 4.2.9.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.2.9.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d8bf57e5-c363-5ad6-97c8-4a08d2cda50a", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 4.2.9.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.2.9.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:20bb9f87-cc33-5f91-956c-164bef0949e5", "id": "CVE-2022-22970", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22970 affects version 4.2.9.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.2.9.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:78f06b03-b608-5e4c-9630-bab6e86cba86", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 4.2.9.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.2.9.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:49b893bf-0612-5310-847d-f218d05703ad", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 4.2.9.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.2.9.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:abfbd698-1bd5-5ec7-a0df-56ce19b9a2ae", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 4.2.9.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.2.9.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:72f3671b-6176-5ff4-b8ea-cc883cd0edff", "id": "CVE-2024-22243", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22243 affects version 4.2.9.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.2.9.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a053643a-b851-573d-a328-9ac245777610", "id": "CVE-2024-22259", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22259 affects version 4.2.9.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.2.9.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d17726ca-be36-5c1b-8833-a6cb25f1b00e", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 4.2.9.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.2.9.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:093c490a-a488-527a-8d7b-752d67af0077", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 4.2.9.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.2.9.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c3f84c68-a7e0-5536-9089-43d62cecd8d5", "id": "CVE-2024-38809", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38809 affects version 4.2.9.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.2.9.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e2738367-b649-5eb9-9fda-e652b18a4a3b", "id": "CVE-2024-38820", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38820 affects version 4.2.9.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.2.9.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7bc776e1-6f21-5c5f-935c-0fb808b3c196", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 4.2.9.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.2.9.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c094a911-2c48-5183-b934-ff042a72e1f8", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 4.2.9.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.2.9.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:924e4796-b3ba-58be-811c-715da05611bc", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 4.2.9.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.2.9.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7d20e18e-1920-5a4d-b174-037508dbec13", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 4.2.9.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.2.9.RELEASE-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.2.9.RELEASE-tuxcare.1" } ] }