{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:f1486cca-bb23-5b1b-9565-e31d630c47d1", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-expression@5.3.24-tuxcare.2", "type": "library", "group": "org.springframework", "name": "spring-expression", "version": "5.3.24-tuxcare.2", "purl": "pkg:maven/org.springframework/spring-expression@5.3.24-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:31c55f0f-69a5-56fc-b119-1475d9ef319c", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.24-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.24-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:dcc2d037-c79f-5c29-b109-56920b23c229", "id": "CVE-2023-20860", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20860 is fixed in version 5.3.24-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.24-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fc916cc2-d5f5-5bc5-9671-7dd6859623e7", "id": "CVE-2023-20861", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20861 is fixed in version 5.3.24-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.24-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0aae42f4-ba55-5352-9d33-a2648093340a", "id": "CVE-2023-20863", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20863 affects version 5.3.24-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.24-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c651e123-43db-5c72-acbe-9e6e5fc156e7", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.24-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.24-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3980b332-5841-5a16-81d9-97b605efd85f", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.24-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.24-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:676ecd76-4a17-549b-a9dc-b46f894d0374", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.24-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.24-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3b79c84b-ddc1-5790-8cb7-f7b9a3fbdc2b", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.24-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.24-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2206f5b3-8fdc-5cee-82f3-273f7e9cd1ac", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.24-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.24-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:06254b68-4ffe-5765-a3eb-bfd3266c86dd", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.24-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.24-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e939ea0b-37eb-579d-871b-7a80e17d0b00", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.24-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.24-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9dd80a52-c161-56d1-bec8-9b6bdf9b37ce", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.24-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.24-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:bdb747fd-96ff-51cc-b47b-a6464055fe38", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.24-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.24-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9795dc81-2b9b-56a9-a2e0-9933cc98e922", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.24-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.24-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c3ee2022-64b2-52fb-a135-6771a0ea15ff", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.24-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.24-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:28831046-aceb-5bc7-9cef-02414470813b", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.24-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.24-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6b33b495-3636-5195-9a92-9055b146e5ff", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.24-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.24-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b29da89b-9750-557e-829b-b1845c56b5d6", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.24-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.24-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6cb067c3-1bd9-53fa-87ca-a7abac959ef1", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.24-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.24-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5b0f9d81-a1f1-5922-a95d-e300710f4179", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.3.24-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.24-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4142a00a-dca8-5c21-95ec-68b320804320", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.24-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.24-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:568dc854-f26b-53c1-acc0-3a08efb384a8", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.24-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.24-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.24-tuxcare.2" } ] }