{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:8a1b0608-09d0-59b8-8f7b-60df6357008d", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-expression@5.1.20.RELEASE-tuxcare.1", "type": "library", "group": "org.springframework", "name": "spring-expression", "version": "5.1.20.RELEASE-tuxcare.1", "purl": "pkg:maven/org.springframework/spring-expression@5.1.20.RELEASE-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:2a9ba944-0ad5-594c-9fb0-dea744d945c1", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ab0a03c0-66a9-59b1-96ec-588e5b3a3167", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:297464fd-813c-5d66-ac12-4adac3d48dc6", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:158a1df3-0542-5281-9e2d-981b13332cf4", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f22c895a-09a5-5787-b456-80fd1ef3e911", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:00efbe22-ac81-5a8f-b797-cf8d105920cf", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4904862b-9fc3-55d0-a234-3a138f86e6f9", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:bc2942b4-810b-56cf-a88b-d1a3d646d0f1", "id": "CVE-2022-22970", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22970 is fixed in version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d5121921-436c-5167-87a7-88c583d951da", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:73dba21d-1c60-5d51-ad35-fa941a7d8b18", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4d59ca02-0466-5bcf-ba89-d02f8838a42d", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2d71ebdd-da5c-5171-9e18-b52dae60af45", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:781c3399-b683-594b-9e61-5c202c25b737", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:54f3994e-9845-5927-b199-539903452d07", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ae4775f6-5291-5341-b3e6-828f3308023a", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2538d060-22c8-5a79-862c-7955ab5cd080", "id": "CVE-2024-38809", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2024-38809 is a false positive for org.springframework:spring-expression 5.1.20.RELEASE-tuxcare.1." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e058232b-091c-5273-a774-9b367f8ca025", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:af11890a-4999-50ac-a5b9-f503deb6c7e5", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4235f5d4-10ce-598f-a4c2-95c8f205042d", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4cff0508-3d5c-5854-834b-18f64266ee27", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ddff8337-7b4a-5d7d-a41d-ce2d6c1ce29a", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f9bae9e7-89a0-593c-89b7-aa8de1e448bb", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:69cc5c49-6876-5567-8684-3017188564dc", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f031280a-c2be-53d4-af47-2e57284989ab", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:11180b86-a21c-54bd-8c87-75d2a5ee3da9", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.20.RELEASE-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.20.RELEASE-tuxcare.1" } ] }