{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:4e172574-f64f-5e68-96d8-fbce73478e9d", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.1", "type": "library", "group": "org.springframework", "name": "spring-expression", "version": "4.0.0.RELEASE-tuxcare.1", "purl": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:5fe0a863-cc1e-505f-bf3b-0182eeb84ad1", "id": "CVE-2014-0054", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-0054 is fixed in version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:883080e3-8730-56d4-a28c-32a807ac8ed5", "id": "CVE-2014-0225", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-0225 is fixed in version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1231f675-bd5c-58dd-a6b2-29045fd1395c", "id": "CVE-2014-1904", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-1904 is fixed in version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:245e2dd6-cd30-5608-abee-42425c646aa3", "id": "CVE-2014-3578", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-3578 is fixed in version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:13b823dc-7313-5350-921f-c7689dfdd1c9", "id": "CVE-2014-3625", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-3625 is fixed in version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a2c04333-3da1-5139-898e-7ff66a878118", "id": "CVE-2015-3192", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2015-3192 affects version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:adce9dde-f45c-5a46-98fb-08510ca594ae", "id": "CVE-2015-5211", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2015-5211 is fixed in version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b033f516-4e22-50a8-9959-19e40ec6f5a7", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f113fdd9-94ff-5081-a20d-f148c580a82d", "id": "CVE-2016-5007", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-5007 affects version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2284e6ae-b68c-5460-88a2-9b2cf6ceb03b", "id": "CVE-2016-9878", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2016-9878 is fixed in version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:444813e0-5320-5555-9e7e-bc965c075cc0", "id": "CVE-2018-11039", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-11039 is fixed in version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:29566e9e-5d4f-5d97-a987-aac871606a6b", "id": "CVE-2018-11040", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11040 affects version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:670723d1-f877-58ea-8f58-fcc9cd885cd1", "id": "CVE-2018-1257", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2018-1257 is a false positive for org.springframework:spring-expression 4.0.0.RELEASE-tuxcare.1." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:42649e0a-c78c-58f5-a320-165bbe183574", "id": "CVE-2018-1270", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1270 affects version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d931705b-3f46-53e7-adf2-dea9f34986d3", "id": "CVE-2018-1271", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-1271 is fixed in version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d65df9f9-7321-506d-8598-486230f0cbf3", "id": "CVE-2018-1272", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-1272 is fixed in version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2e4bc185-c9f6-5448-85ac-af19e76658ca", "id": "CVE-2018-1275", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1275 affects version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e56753b5-e7db-5f71-8372-4f353b781ebc", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:71e6434b-10f8-5f30-9268-c92f9c955474", "id": "CVE-2021-22060", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22060 affects version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:27635b57-06ec-579d-a522-75214adcb273", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:81b6d7fd-7c08-5399-820f-4ec5579a1ee6", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9c6b53f1-57cb-5c88-afdd-6b5cecd704c5", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b8c1220f-2f91-5a5a-9e88-806aae38c943", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d0441fa9-ae50-5238-81d4-ea74d3fe1c92", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0b6caab6-2775-560d-823e-66d6a91147fd", "id": "CVE-2022-22970", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22970 is fixed in version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:73d43e14-e3f7-53af-9722-d9f4db630622", "id": "CVE-2022-22971", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22971 affects version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1800a495-8e79-57a7-8bb2-7f497460c23f", "id": "CVE-2023-20861", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20861 is fixed in version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e9df47c6-620e-5a29-8a67-e2e325e592f7", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1c70fa93-c326-56b0-82c4-3c9ee38637dd", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6eff3a09-67dc-5811-853f-0c2a3f6f0447", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:15e3eb9f-e9b1-5ba3-96f0-eed69cf944b3", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:48429ac4-76e5-52db-9408-c22e3d139172", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:67d8cdb1-fb5f-577e-901e-48299d9d89b7", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:58459f88-9fe9-5b3a-bcc7-d0a295be0634", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ec7f285b-66d3-5834-bf92-7bd50b260894", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a620e39a-3dae-5b12-b981-d46e421ea38a", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b1dbfde3-e02b-5ec4-a37d-9efd75e28111", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7245adb3-4e15-5476-8cd4-162863200cb1", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2d9098cf-8bfe-5370-91c1-afb5ae223620", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:cd10be6d-6d54-5dd8-92fd-ef286259d291", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0f7629d4-faca-5382-9e87-d8b8ac336c38", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:46f49868-6775-531c-bd07-3ea2471f58a4", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f8f9f7c6-049d-57ff-93a7-d4b4a759ac52", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:79e70112-0453-5587-987f-6576584cd5ab", "id": "CVE-2026-41842", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41842 does not affect version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-expression. not_affected \u2014 Spring Framework 4.0.0.RELEASE is not affected by CVE-2026-41842. The resource versioning feature with content-based version strategies that contains the vulnerability does not exist in this version. The vulnerability requires the presence of VersionResourceResolver and version strategy classes (AbstractVersionStrategy, AbstractFileNameVersionStrategy) which were introduced in Spring Framework ..." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:63c74cbd-9e32-5a29-b32f-63d54af2aaf8", "id": "CVE-2026-41843", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41843 does not affect version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-expression. not_affected \u2014 Spring Framework 4.0.0.RELEASE is not affected by CVE-2026-41843. The versioned static resource resolution feature that contains the vulnerability was introduced in Spring Framework 4.1.0.RC1 (June 2014). The target repository version 4.0.0.RELEASE predates this feature, and the affected classes (AbstractVersionStrategy, AbstractFileNameVersionStrategy, VersionResourceResolver) do not exist in ..." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ce9e1976-fad7-5d4a-97b5-a5c89c062d42", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4c2eb7d2-a0ec-5e67-92e9-f29b4f777330", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:58740ef5-1e50-5f3f-9172-524e67f9d2ba", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ef89d8d7-9e24-5fcc-9ea9-cc6bec0ec6f3", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:50f0c652-3503-5bb5-98a8-d903e85e06d9", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f7b34543-15d4-51ba-b7be-77ec3d867ee3", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6fb1fa6d-6b11-55b0-8027-289ccb927daf", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a08df350-940a-5bca-93dc-fdd59e3c2364", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7490df1b-1b5a-57dd-82ec-77e10454dc0a", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:cf51b6b5-23c9-5da6-80e8-07530e670c00", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.1" } ] }