{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:016e3533-fe7b-50df-9e5d-0db70df3005d", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-expression@4.3.30.RELEASE-tuxcare.3", "type": "library", "group": "org.springframework", "name": "spring-expression", "version": "4.3.30.RELEASE-tuxcare.3", "purl": "pkg:maven/org.springframework/spring-expression@4.3.30.RELEASE-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:a1fdfc79-8f33-5cf9-8974-0f4ad0201d69", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c1fd3e5d-9aa9-55da-ada7-8b9402992356", "id": "CVE-2020-5397", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5397 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3c896e2b-d6fa-598c-b68f-570ecb037b83", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ed99e71e-2c7a-5720-9e34-20028a1bd067", "id": "CVE-2021-22060", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22060 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6e6ecfb8-3908-55cb-b5be-34354569e253", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2f1fffad-36ff-5458-af22-267097f23acd", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:551a446a-9b69-5659-838e-e9e1ddb5e805", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3bc877aa-c4ad-5e9f-8530-d341a0dd6127", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:7939f152-133d-5be8-8171-af3519b95df2", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2f342a68-ceec-585b-8448-b04b3efd08ac", "id": "CVE-2022-22970", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22970 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:81a4e39b-2805-59df-b2ad-db5792898e81", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c9279dd7-658b-5817-8dc7-184847fd6120", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6419450a-db6d-5fc9-9f3d-5a74485a1255", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:0bd9008f-92c6-5172-b313-151a5e6358bc", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f1945f98-b462-5a24-96d7-8d01600c79de", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c77c8de6-5748-5dab-b925-914ed29f411d", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c48b5ec3-88ff-5e39-b18a-aadf42b68fe8", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:fd2b4ec8-87e2-52a3-ada3-6814b73a17ad", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:0a2bbc0a-46f5-5333-b08c-474a96e74c9a", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2ba0a665-cdd4-521c-98ed-a9f49a0fe777", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e4823ad6-4aa3-5685-a343-8183a19b4101", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:10fb05f3-18d8-54af-9c12-26ff1b54b51e", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9aa4296b-3d73-5ad8-af4a-26bc07a7d361", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:16300675-8ecc-509d-8254-e1a7933d0899", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a94fed79-3510-5db5-8887-5b0b50ddc034", "id": "CVE-2026-22740", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-22740 does not affect version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-expression. CVE-2026-22740 is a WebFlux-specific vulnerability (reactive multipart temp-file cleanup in org.springframework.http.codec.multipart.MultipartHttpMessageReader / PartGenerator). Spring Framework 4.3.30.RELEASE predates WebFlux entirely - the org.springframework.http.codec package does not exist in this version, and there is no reactive multipart code path. Per NVD, affected versions are 5.3.x, 6.1.x, 6.2.x, 7.0.x only; Spring 4.x is not in the affected range." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:60999dea-73fc-5d1d-a2f1-cdb95d4bee58", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:acf0234e-f055-5ab2-a7e4-0cc99e6273b1", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:7f2d332b-e329-52a0-8eb4-841361c5d24b", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:33439875-34ab-552f-b0ad-ab74db50db7e", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:0bc8b86e-1937-5fc4-8fac-ce87fa3ba118", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:eacb605b-2325-5d42-b626-2b3bf50d2cf1", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c8574dc8-3932-5b7a-b0e1-5772ea006864", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a3ffe9af-467f-52d9-a4eb-1786f897568f", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:154189af-83ac-5123-a253-e1c2d08f0031", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:7a7ad2e5-97ee-5c90-baf2-fead3a6f85ea", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1a7b8087-1d30-5964-8295-8687505f1b97", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d6a5a772-c593-5620-a705-59cde794aafa", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c6b438e1-b627-50a5-9dbc-906e819b29ce", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:29da1e0a-965c-5894-86f6-383cb24d6fce", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e7755f9b-04e5-52aa-812c-82b5c36d283b", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.3.30.RELEASE-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.3.30.RELEASE-tuxcare.3" } ] }