{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:a292637c-1e64-5db0-ba3a-8fe031b5f453", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-expression@5.1.5.RELEASE-tuxcare.2", "type": "library", "group": "org.springframework", "name": "spring-expression", "version": "5.1.5.RELEASE-tuxcare.2", "purl": "pkg:maven/org.springframework/spring-expression@5.1.5.RELEASE-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:5c364bd8-91b4-5e35-8940-a378be64193d", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:09eabace-2caf-5a31-964f-159286884063", "id": "CVE-2020-5398", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2020-5398 is fixed in version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:60596b50-f46c-55db-966e-f4422cc44ac1", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:091a8706-9527-5e44-a468-ad9265533146", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b41535c1-8a5f-59bd-8939-06cde69ff6ed", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f01f060a-2694-5752-acfb-5cac3ddfbbaf", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:eb47069d-4211-5f9f-8418-9ed21ec85e44", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:98d983b6-0dd0-58b6-8288-281e2166541d", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ffc21b8a-4dba-5976-a7aa-d8c12ef45b58", "id": "CVE-2022-22970", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22970 is fixed in version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:91ad266a-aeb8-5f9e-954c-a8661066d48b", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c708510f-89eb-5bf0-a99c-d0482cf6df51", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b0d5ab5e-e818-5222-9cc2-99a7222ebb4d", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:cba702e6-3934-5731-91aa-de10d0757bd6", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:82a1c07f-ac50-570c-a681-ad61e3269856", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f8574512-4bdb-593c-afce-04756345f24f", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f203d149-11c3-57dd-8160-b4aa0aa29e96", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:89a4e2da-bdbe-53ff-8808-6b0ec4e9c2f4", "id": "CVE-2024-38809", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2024-38809 is a false positive for org.springframework:spring-expression 5.1.5.RELEASE-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6df729af-e28f-5205-a867-b20fd8d191e4", "id": "CVE-2024-38816", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38816 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:dc61f6cd-70eb-50c4-865f-3c2bbb247596", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:082d06e8-2f2a-5f59-9e67-219e9a51bed5", "id": "CVE-2024-38820", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38820 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:bbed7ada-6e51-5e12-8907-0f007f16397c", "id": "CVE-2024-38828", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38828 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e664266b-805c-5f71-ad1a-53cacc8a59cc", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8aed4529-a0a1-5d1d-be93-bc3c9de91b5f", "id": "CVE-2025-41234", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41234 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:445eeb43-57db-54ca-af1b-a3e42d8885f4", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ab9e115f-e115-5433-82ff-29ab2c91295d", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:042aed78-9aca-5c0f-8154-bfd9e387de11", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:385aeb45-c48a-521b-9dfe-21b5773315ca", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8234c994-483a-56c8-ac57-84dbafbfde75", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6f63695b-9eeb-5d21-81e3-8655c87ab1eb", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.5.RELEASE-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.5.RELEASE-tuxcare.2" } ] }