{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:5e5f4127-ffa4-59bc-a1c3-99b619a612c4", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.3", "type": "library", "group": "org.springframework", "name": "spring-expression", "version": "4.1.7.RELEASE-tuxcare.3", "purl": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:92fcf4c4-2a29-541c-81f6-6c75ffd8ed6f", "id": "CVE-2015-5211", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2015-5211 is fixed in version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:0b4d6fb5-03c1-5515-9923-13eaddad9dc8", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1f017120-6d27-5edd-a815-bcea0e212636", "id": "CVE-2016-5007", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2016-5007 is fixed in version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1cda53dc-524d-54b7-a01a-cd0af7ffcedd", "id": "CVE-2018-11039", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-11039 is fixed in version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e55a5f68-6863-57a3-9661-9b84dcb01773", "id": "CVE-2018-11040", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-11040 is fixed in version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:fd1bcf2b-3516-595a-9474-7698d2c66b41", "id": "CVE-2018-1257", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1257 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4b054d51-dad1-52a6-93cd-18cb9c0ec30e", "id": "CVE-2018-1270", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1270 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:fc371aab-9a66-540f-ba84-d5eb13a506d7", "id": "CVE-2018-1271", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-1271 is fixed in version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9bdd4b19-561d-594e-8f31-3ab44b7c341a", "id": "CVE-2018-1272", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-1272 is fixed in version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d3b29638-91f2-5f85-8e17-367309676b66", "id": "CVE-2018-1275", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1275 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:24c61961-6c9c-5f9c-9e81-4288cd51b647", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6c186e52-e398-52f2-a17c-95cbfbfb5d79", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f8695dc7-168b-5aca-91de-4c375adc7018", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3dd7a473-f681-533c-b094-17bb8161ae55", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9afb2b1c-f4e3-547e-a640-76f72c2075da", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c9378478-ac19-5e6b-bfb2-41bf860eea1e", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:19303930-decc-5cee-811e-1f50dbfa5d5b", "id": "CVE-2022-22970", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22970 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:acb94591-c26d-5f9f-9131-7eafc5642cef", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:540b5c65-9859-5e40-b1a7-d01b2d8ad6c3", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:61bb873a-3c75-5bd8-8bee-6a1e12e95312", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:67c323ab-3a02-5d18-9d1a-f9d5e4288ea7", "id": "CVE-2024-22243", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22243 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c97036d8-7d3e-5a89-b384-3cde538a00c7", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a07c124b-8778-5260-9419-cf9db059b761", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:229ccf78-9b63-5681-bbbf-c9ee6a63d3cf", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9e7a8968-2ca1-5ee3-b833-e589d475c8ed", "id": "CVE-2024-38809", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38809 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c3847b56-b388-571d-8ddf-4ad5d025e31e", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4ea34538-6300-50dd-8959-214488cbb601", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c71d1fcb-5394-5165-9571-b819b582bb5f", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9962be3b-2214-5857-8110-2abb28c7f8cf", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6391b364-ca8e-5666-b4a9-a4e842eb71a9", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ea7d9c21-383a-543d-af7c-f9685990098a", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5977d82a-5d2d-5d0d-ad0c-75c4b7dbe8c1", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:323770c6-b959-5588-8de3-a24c68c81974", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2a4ed272-1379-5124-ab95-b7843767c0d7", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2bf89df8-c78d-5b08-aa41-bdac6acb3dac", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:06862aa8-2b9f-575f-a59b-0e8bc763b3e6", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:30da5a3b-6940-50cb-8b4f-a4081d536ade", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:db5e56dd-eedc-52ea-9a28-18e4c136cac8", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a19aa6a7-dfc6-5378-89c1-003516890586", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:da50ab1c-e330-54cd-8bcf-a738a6ae7792", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:cc52d9de-d755-5c7f-8092-14f342bcefd9", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:64eb4c81-262f-51f9-8f54-72c17b926dc8", "id": "CVE-2026-41852", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41852 does not affect version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-expression. not_affected \u2014 Spring Framework 4.1.7.RELEASE is not affected by CVE-2026-41852. The vulnerability requires record-style property accessor support (empty-prefix method lookup), which was introduced in Spring 5.2+ and does not exist in version 4.1.7. While this version lacks void return type validation for getter methods, it cannot invoke arbitrary zero-argument methods as described in the CVE." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4a9310ed-f267-5bcf-ac4a-f244fbe25476", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d67dec0a-90a9-58f1-84ed-da9dc39813c6", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.3" } ] }