{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:012b3bb1-c5f9-5a55-b034-2fcd2f849472", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.2", "type": "library", "group": "org.springframework", "name": "spring-expression", "version": "4.1.7.RELEASE-tuxcare.2", "purl": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:d9548256-e029-5e1a-ab82-b15243bcb90d", "id": "CVE-2015-5211", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2015-5211 is fixed in version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b4a80efb-baee-52ce-8568-9d2d5668c181", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a2a9322d-7c49-55df-bfe8-64719a66dd59", "id": "CVE-2016-5007", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2016-5007 is fixed in version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:576cb00c-81f9-5b51-91c5-28fd2f45407f", "id": "CVE-2018-11039", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-11039 is fixed in version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:82d96045-deab-524e-b3c4-980abe128d8e", "id": "CVE-2018-11040", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-11040 is fixed in version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0e6a71c1-ae5b-5ab7-a770-0c59025ea1b6", "id": "CVE-2018-1257", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1257 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9b83dff7-6e99-58f9-a191-e60ac779515f", "id": "CVE-2018-1270", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1270 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:49541f32-5dc3-51cb-af3e-6e3f2ec276fc", "id": "CVE-2018-1271", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-1271 is fixed in version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8241c940-22c8-59db-8d02-69f18472b825", "id": "CVE-2018-1272", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-1272 is fixed in version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2e589408-1640-5734-b210-a807bd4da3fb", "id": "CVE-2018-1275", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1275 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:02685e13-b40f-5ee7-ab93-79849205da1b", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4c3c2f7b-0164-58eb-af8e-68965c54066c", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2aeaabb6-d068-5dcb-ac54-1d219ce8fe02", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:16f1fa31-98b1-5d28-8841-8c948048ff35", "id": "CVE-2022-22950", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22950 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7ad7fccc-36b8-581e-b061-be91d03e3427", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0505bcf5-217e-580a-a09e-bc322ff8324b", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0f80d3aa-3499-5e2e-876d-016154f4b83e", "id": "CVE-2022-22970", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22970 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:884fbd62-a782-5b09-90d3-1964071f003e", "id": "CVE-2022-22971", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22971 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0bd23cb4-a2db-5abf-a5e9-8fbffa7daf6c", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4fee3dd1-5596-5c24-9ed9-6bdc68a9335e", "id": "CVE-2023-20863", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20863 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b00f5751-72a4-5930-b3d3-1aa8046828bc", "id": "CVE-2024-22243", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22243 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c44ea5c0-2390-5a53-b534-888ac0e3308e", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ae36310a-9dd2-5b55-a51e-5e8874734843", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1ed9010a-ff1f-51ae-b010-d3da2f5237da", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fbb4cbc0-97e0-56e7-a2ec-50bf00545365", "id": "CVE-2024-38809", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38809 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:25698e74-7a96-5342-a870-3245112084ac", "id": "CVE-2024-38820", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38820 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f1980375-0902-5d82-97e1-d5e479efebac", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1711c645-10b9-54a4-a54d-b22271ddebad", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3b4248cc-22bd-50f4-9a7f-ed0652f4d7b0", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:386cf007-3539-5cd0-93b0-074f1e91be35", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:aa61bb22-9f75-52fe-9048-80c8344294e3", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:eb395841-27dd-531d-99d0-0e8f9a785adf", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a9c2f931-054a-5455-a25b-894f339cb466", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:eeec3b3c-f562-5d36-b915-82dfc353087f", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:785237e7-0018-5164-916b-c2038c15541d", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:df660721-ba62-5672-b56e-0a274595665a", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:53957c2b-523f-5754-9398-388a5de3d68d", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:aba6ee02-3d53-5ebf-840a-ced5ff2dea6e", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b5c1097a-a4f4-52aa-ba70-13b7c3a05f05", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d513fc84-c1e6-5313-80d6-5dfc81d3ba7a", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:116b7480-9e85-50e9-9497-fadbaabe581f", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e22c1ba6-daa5-51d1-9747-51994ba93a8d", "id": "CVE-2026-41852", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41852 does not affect version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-expression. not_affected \u2014 Spring Framework 4.1.7.RELEASE is not affected by CVE-2026-41852. The vulnerability requires record-style property accessor support (empty-prefix method lookup), which was introduced in Spring 5.2+ and does not exist in version 4.1.7. While this version lacks void return type validation for getter methods, it cannot invoke arbitrary zero-argument methods as described in the CVE." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:101b3a24-747e-5234-b689-f0f1a093f24a", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:47036a00-ea70-5bbd-b185-d11a70252bae", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.2" } ] }