{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:d23f2591-c5ab-5ab2-bbb6-b690250bfc37", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-expression@5.3.25-tuxcare.2", "type": "library", "group": "org.springframework", "name": "spring-expression", "version": "5.3.25-tuxcare.2", "purl": "pkg:maven/org.springframework/spring-expression@5.3.25-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:65faca04-fd40-570b-a8d6-868d8b2ed257", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.25-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.25-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b8654216-afb9-524f-b29f-0aff4db0fc96", "id": "CVE-2023-20860", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20860 affects version 5.3.25-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.25-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7c07ec25-babc-5d87-8e2c-16224efd7923", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 5.3.25-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.25-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:445b12ce-37b3-5a00-b116-8861a7848ecb", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 5.3.25-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.25-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:32d82f53-fd2f-52f9-9424-630e702f9489", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.25-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.25-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b8140f65-503c-5343-acdf-2d4958d78b88", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.25-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.25-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ced74654-3c12-5ae7-a2f3-f7715fc94f32", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.25-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.25-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:eaa46df2-c853-5406-b3c3-5d76b1fef8d8", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 5.3.25-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.25-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6072fe43-9ae4-5d94-9a07-4a55b51860ce", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.25-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.25-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a5a387e0-362d-594f-b10a-9d8968f61cb5", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.25-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.25-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:cf163c7a-b965-5ce7-8063-ce6f209d17f3", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.3.25-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.25-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ca221259-cf31-5579-8954-3058b6fe6ca2", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.25-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.25-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9c5b57dd-e463-5a65-af1b-cccec522f131", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.25-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.25-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a5186e04-6985-5743-bc3a-0c3ec6577398", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.25-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.25-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6c65486b-e2a1-5896-9427-9b948125b65e", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.25-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.25-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9b8bc2fc-21b8-5229-8ca8-bf08c62f7273", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.25-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.25-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4e4eebcd-71a1-5cb9-a366-8f5961287571", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.25-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.25-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:29183516-1aa3-5c83-b0b2-823d8bbf0f44", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.25-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.25-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:be84d264-ef25-50f9-88f4-976c05f49e5c", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.25-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.25-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c78db921-b564-51b3-8dfb-e36a3eb28557", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.3.25-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.25-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:678a1887-0479-590a-ab1a-ade6ccb449df", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.25-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.25-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:792d0811-d5e4-57c4-9ac3-561434c90ff2", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.25-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.25-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.25-tuxcare.2" } ] }