{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:00c10e30-007e-5a7b-b8ba-1ad6128e5220", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-expression@4.3.30.RELEASE-tuxcare.2", "type": "library", "group": "org.springframework", "name": "spring-expression", "version": "4.3.30.RELEASE-tuxcare.2", "purl": "pkg:maven/org.springframework/spring-expression@4.3.30.RELEASE-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:f1d66200-be9a-5e34-ade7-92eed989775f", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:bb6ea665-7603-51e7-be66-0dce3b00f49e", "id": "CVE-2020-5397", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5397 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:934c6815-d0bd-5755-81fa-a5abc1157b28", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5eb47787-25fa-5b01-bff4-ac2dbe03f33e", "id": "CVE-2021-22060", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22060 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:bab35c6a-5a73-5c67-a81a-cfffc2cbd065", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:21df312f-00bc-5d0d-aa9d-6233c3a08d97", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2707b0c3-53cb-5fb2-9ae8-0c3788792613", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:47e0f765-4fa6-5c4f-9e26-d46591a82e04", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:53ce1a7d-abc8-5def-976b-49451460b596", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2a61e8b0-0c8e-509e-82c1-1c570e7a7673", "id": "CVE-2022-22970", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22970 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f8a45b21-5b15-5400-b993-63de1b60a9c2", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2f59b195-5053-52a2-8c6a-ec7e910446b6", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3e87e1eb-f261-5caf-898b-bd8c93f7245a", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b7fdd08f-ae07-5259-9fc0-f6a43103ba06", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:44d35422-fce1-5d9c-844f-d3617f17953c", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d85d8e8b-8174-5fcd-94e7-7cf8bbd9017e", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:21bd6670-3a53-5dbc-be95-baad158381e5", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:651a2a63-e82c-5f34-bb14-374379f3a5f0", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7eb2d1a8-ee14-5361-a8df-abefa6de543f", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e1d28873-22bf-58b9-a6e5-fc45f26ba3d2", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:510e1744-1491-5c64-88fc-2c2ccec9a898", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:473b639c-f8e9-5c67-a1cd-ac33c0f121a1", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:21d3b2e6-baef-50f6-a643-73358215f53f", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6ad66c8c-0619-5cb6-8ae0-46ce6814f747", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e69ca9ba-1858-5cfe-b55b-b4182a8a04b9", "id": "CVE-2026-22740", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-22740 does not affect version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-expression. CVE-2026-22740 is a WebFlux-specific vulnerability (reactive multipart temp-file cleanup in org.springframework.http.codec.multipart.MultipartHttpMessageReader / PartGenerator). Spring Framework 4.3.30.RELEASE predates WebFlux entirely - the org.springframework.http.codec package does not exist in this version, and there is no reactive multipart code path. Per NVD, affected versions are 5.3.x, 6.1.x, 6.2.x, 7.0.x only; Spring 4.x is not in the affected range." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1fea6173-adfe-536a-94ff-cb2a85dbb0ee", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:97ae564f-8aca-5c23-a5e4-eb88aa382ded", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1e5777c4-4327-5568-b0aa-6f1a78c17901", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:97baeea3-3fcb-5995-8398-56f112c2e6c5", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:860db388-9ac2-5bee-8c6a-304a62f079dd", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d02bb3c7-6e6d-5ec8-805f-dea0f0350b63", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b8aa661e-5d02-5f28-b927-2d49d2af0a7c", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5c19f287-193e-5544-aad7-c5322d2539a5", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1f39ec00-4921-54eb-ba64-8e8e5705bd5c", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a4bbdee8-db7e-5815-90b0-54988e5b6716", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:211a1d94-34dd-5013-9af5-f31d07ec71d1", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:033b3c76-8cd8-5090-a842-c64dc1bda2f4", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:bcc059a6-f9db-5cdd-8655-dc64564263b7", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:48f1ce77-6350-58dd-9d31-55e8b1e605ff", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:44a4fbb9-82e0-5ccc-b3d7-5911d4ca5079", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.3.30.RELEASE-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.3.30.RELEASE-tuxcare.2" } ] }