{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:479c6546-0248-5763-a864-e55dff2d863a", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.4", "type": "library", "group": "org.springframework", "name": "spring-expression", "version": "4.1.7.RELEASE-tuxcare.4", "purl": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.4" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:9c92c5e0-25ae-53af-a521-d57e874f7760", "id": "CVE-2015-5211", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2015-5211 is fixed in version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:edf85561-619a-53f0-af4f-60af721aafce", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:8ac140bc-15fe-506f-bd30-2ade53f702f8", "id": "CVE-2016-5007", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2016-5007 is fixed in version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:7e6a6d5c-5244-5910-b023-8b0af2956ff4", "id": "CVE-2018-11039", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-11039 is fixed in version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:292eb984-5be4-5145-a32d-b65d9222a60e", "id": "CVE-2018-11040", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-11040 is fixed in version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:bddc5151-4e68-5ce3-b927-4718c0f4e820", "id": "CVE-2018-1257", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1257 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b4567305-fbfa-5cff-ba5f-48500e7cffe3", "id": "CVE-2018-1270", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1270 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:328bc90a-136e-5dd8-a038-3d0357810df9", "id": "CVE-2018-1271", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-1271 is fixed in version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:cb5ac788-b771-57e9-9427-884db0e3aeaf", "id": "CVE-2018-1272", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-1272 is fixed in version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a8715ecf-1575-562b-be13-10fb20036907", "id": "CVE-2018-1275", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1275 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:1c6d9d2d-6d78-5fb9-b036-18bd50d6f17c", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:3d97b45a-59ea-59c7-8cde-8e5f7dc20118", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:045e0d4a-4fb2-5d14-8faf-489cbf196816", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:3994b25a-0bc4-51a3-92ff-9b79d9919c19", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:07c27c7f-6306-5f6a-a6a5-6aefa0faf658", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:286135b7-aa38-52ab-9d7d-774b133937f7", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:337a6681-11ff-5603-b00e-c65d3444a91d", "id": "CVE-2022-22970", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22970 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:4a00bd41-b4c8-5473-ab7d-52ccb3ca8f90", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:2db2e54b-d8d2-5928-b2b4-8e16c078b057", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:45fe8a27-7287-58ec-a6bd-7a9b399807d3", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:9b89481f-f8b2-5846-8ab9-edb9aae5bb51", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:7aa04ae1-4557-5ec3-9b32-2f81a252cedc", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:9f1323fa-1dac-5243-8d9f-4bb5dfca059f", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:adb8c93c-f6fc-5d53-a2e8-733683b52d9d", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:0da2d60c-2728-5751-991c-253b69e38476", "id": "CVE-2024-38809", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38809 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:003268f0-4eb5-5976-b4ba-0303a1fd5510", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:26df0abd-9e74-5987-9969-41eaf08b1ea8", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:873b3e2f-5fdd-5fee-8f74-1c869163ca4d", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ef88727a-851f-564d-98ac-3ec3c0463cc2", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:0c03210a-f4c7-5c0c-a803-99d7d8163b0a", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:6d318e23-203f-53b7-a351-82f2228ed290", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:afd6d5e0-1153-5d4a-a8cc-40ec734c1076", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:07736815-5aae-5919-b87f-5f457282a4a9", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e903f906-57ae-53eb-9d2f-9fdba6565681", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:290a9754-fe07-5515-af4c-b0aa761ab0cc", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:04f8367a-c7a1-51a0-a720-8af849c1e3ab", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d11ca3e2-bf18-58b1-9dad-75468db85b1f", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:cbf0ad65-4e12-5025-887f-0117de8cf56b", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c44957cf-2626-505d-8078-1260880cb001", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d62091b4-4d72-5956-8a49-21b992f760b7", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:22517a49-45d5-58e4-be81-aa58290eb780", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:18f626d6-770a-5dca-95c2-39c98d571b80", "id": "CVE-2026-41852", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41852 does not affect version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-expression. not_affected \u2014 Spring Framework 4.1.7.RELEASE is not affected by CVE-2026-41852. The vulnerability requires record-style property accessor support (empty-prefix method lookup), which was introduced in Spring 5.2+ and does not exist in version 4.1.7. While this version lacks void return type validation for getter methods, it cannot invoke arbitrary zero-argument methods as described in the CVE." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:fb725bb8-a6d0-5a1f-928c-15f53c56213f", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d195ad20-07de-5429-959b-286e3e9053bd", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.4" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.1.7.RELEASE-tuxcare.4" } ] }