{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:9cc64a36-1831-59af-bd2a-4055b4f3d66c", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-expression@6.0.23-tuxcare.2", "type": "library", "group": "org.springframework", "name": "spring-expression", "version": "6.0.23-tuxcare.2", "purl": "pkg:maven/org.springframework/spring-expression@6.0.23-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:82260fae-37fe-52cd-ba16-b89e80cdfea2", "id": "CVE-2024-38816", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38816 affects version 6.0.23-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@6.0.23-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fa18384f-0208-565c-aa94-1ddfe2dfcdfa", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 6.0.23-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@6.0.23-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:cc1d33af-d8a3-5893-a28e-a7608d69853c", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 6.0.23-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@6.0.23-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ebbc4cec-8309-51be-814c-bcd801f62206", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 6.0.23-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@6.0.23-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4c47d84d-8c68-501b-8d58-23db4bd7da56", "id": "CVE-2025-41234", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41234 is fixed in version 6.0.23-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@6.0.23-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:16744a71-c1e2-519a-8a4b-0562bc33a1b2", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 6.0.23-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@6.0.23-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b3a6504e-4e08-5e2a-86a5-4b1f4c146244", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 6.0.23-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@6.0.23-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3951955c-aa3d-5674-841f-9d9ffdb96d84", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 6.0.23-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@6.0.23-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4c71cc11-8f95-5e46-82a2-c0e439ae2d49", "id": "CVE-2026-22735", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22735 is fixed in version 6.0.23-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@6.0.23-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a68022e2-9ae0-5f7f-a4fb-821702ec1391", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 6.0.23-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@6.0.23-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4ac5ee27-182c-5f5c-b09a-ff7292dad69f", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 6.0.23-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@6.0.23-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7b278c90-09c5-530f-9026-17a07f276730", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 6.0.23-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@6.0.23-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a749d220-8937-5575-9d2c-f19d2e663704", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 6.0.23-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@6.0.23-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-expression@6.0.23-tuxcare.2" } ] }