{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:26eb88fb-963c-59b4-a903-947435157083", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-expression@4.3.30.RELEASE-tuxcare.1", "type": "library", "group": "org.springframework", "name": "spring-expression", "version": "4.3.30.RELEASE-tuxcare.1", "purl": "pkg:maven/org.springframework/spring-expression@4.3.30.RELEASE-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:004f90d9-70ab-51b1-8c21-04d078fd69dd", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6ec5a5b3-c74e-5775-90bb-5b7e6ce23c29", "id": "CVE-2020-5397", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5397 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:302b5e00-6f35-58a9-9f5e-76253aa3237d", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b6d6577b-3691-54b1-87c3-b89ec64ea4e7", "id": "CVE-2021-22060", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22060 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ba18616c-5d4e-5b1c-8dc0-0a4bb0712f66", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f07c612a-effb-5296-815c-965546184b1b", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7f7afca5-6bdc-5cd2-a01d-33153b90c83b", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:98d51ccc-1a21-599b-b214-0f96fb29ea8f", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5a651539-618a-5820-b9cb-3df2e3ac4aca", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:72b00b82-2e93-5ec0-abbb-d0360c992b88", "id": "CVE-2022-22970", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22970 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:86d5c7dd-8bb9-502d-b48d-42e2da3fd14b", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a63b9ac6-5c78-516b-a9c5-fd89390a3493", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3b243e9a-49c8-5c26-a366-9bc3258f904f", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b21b3594-156d-571e-befe-27b2a42c4bd3", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:99a29b5a-0c76-5574-8834-cc74db0f8ebb", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c4ef98ea-23e0-5a63-81f4-7e60e7a37035", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:868c740b-e0dd-5638-be01-813e01693869", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9c70d86c-400e-5419-b219-5b8a790495c8", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:aa8847d0-cafe-512d-b149-e4f9bc1e2e38", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:42af5355-e455-56ee-9010-30ee6a6af4dd", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:df72ce77-fd41-5271-a3e0-0f76e4b1596a", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fe2351a6-7192-53fa-94b0-ec0e4de7f457", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6940898c-9a88-5e49-9221-44172866a3ca", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1665de15-4351-597b-b3c2-9ac0d999d4c4", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:53b2142d-92d0-5161-9f1b-cb9c9dfd2eb7", "id": "CVE-2026-22740", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-22740 does not affect version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-expression. CVE-2026-22740 is a WebFlux-specific vulnerability (reactive multipart temp-file cleanup in org.springframework.http.codec.multipart.MultipartHttpMessageReader / PartGenerator). Spring Framework 4.3.30.RELEASE predates WebFlux entirely - the org.springframework.http.codec package does not exist in this version, and there is no reactive multipart code path. Per NVD, affected versions are 5.3.x, 6.1.x, 6.2.x, 7.0.x only; Spring 4.x is not in the affected range." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e31cbe67-504f-5de0-9e9b-b5717b8c79e3", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a3ffbbb4-124c-521a-85b1-b5faed75875d", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3f653489-0390-5f60-bcf5-8205e18cd233", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f7ebde5c-fce1-5ed8-a994-47776bec2ddf", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5ce8c63a-4ef6-527b-aedd-0540ecc55f2e", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d61a44c6-0a3d-5bbb-b43c-2b6cda996d72", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:41465c36-19cc-5573-999d-b0591d36300c", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7a476947-425b-5333-a5f3-85f01b3cdc4f", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b5438d09-2992-5ea0-bbcd-c4dea256a7d2", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2bc3011e-42b0-5f18-87d8-ab725f22af67", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e9b2073e-642e-5952-9a1a-c9f609935f56", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fc4b3610-c003-5070-be82-8800d57caf75", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1be954c1-42fa-5173-8346-da87da1f0a3d", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fcd11f8e-6f46-517c-a7d8-1a06f9c3213b", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e0a56f66-b512-535c-b72a-9ad2396c7347", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.3.30.RELEASE-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.3.30.RELEASE-tuxcare.1" } ] }