{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:7a4ec624-8153-5d23-8b31-09a9c7019fed", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-expression@5.1.5.RELEASE-tuxcare.1", "type": "library", "group": "org.springframework", "name": "spring-expression", "version": "5.1.5.RELEASE-tuxcare.1", "purl": "pkg:maven/org.springframework/spring-expression@5.1.5.RELEASE-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:d56ffc33-91cd-52e7-835f-86fe3b7f488d", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:99888fcc-5508-5b32-a3d2-eda616c34553", "id": "CVE-2020-5398", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5398 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8e15ee52-caa0-5ab4-8b5b-42d3d6b70444", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:489236bb-077a-5fe9-988d-210e639ab6fd", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:729fcb74-549a-549e-a2c7-27647d8686a2", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:65b174b0-fd06-5cc3-a5ef-bbf742cf0885", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f638b87c-f258-518a-a223-c4a89d1b409c", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b5095057-63be-53c7-864c-ac27627e088d", "id": "CVE-2022-22968", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22968 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:752d3dcf-ce08-5be3-9f60-70118c13d574", "id": "CVE-2022-22970", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22970 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c2ed4f4d-ed31-59a9-b035-04e226b5004e", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:14fdc43c-ba37-526c-827d-feaaf3ff7469", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3b322f03-918d-5e08-a053-a3284bd5e9f5", "id": "CVE-2023-20863", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20863 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ce237275-0074-575d-acd0-7f48867a5cff", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9d5e844d-56d9-522c-bd0d-bb33a8862697", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:654fb861-f4e2-563a-8152-2893fbff8e05", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1bb1e61e-7699-5eda-9aa7-f5c8f092b3e1", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e013613b-8f3a-5b4a-9ce2-9ab2ff925b4f", "id": "CVE-2024-38809", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2024-38809 is a false positive for org.springframework:spring-expression 5.1.5.RELEASE-tuxcare.1." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:504eb737-bde7-5616-9398-fb22cc3f68c2", "id": "CVE-2024-38816", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38816 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5e4141e1-837b-53b9-bf94-5d20720d8780", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:64ec501c-bc9c-50ec-be27-482b8034bfdf", "id": "CVE-2024-38820", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38820 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fa5dc5fc-c92b-5a78-a502-1b476fd9b1b1", "id": "CVE-2024-38828", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38828 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:01be829d-8578-59f9-b14b-91504580222b", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d6e9c658-6ee8-5ce9-8d31-889ebc7eb3f5", "id": "CVE-2025-41234", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41234 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9d37d03d-190b-55c4-88a3-e0982b7f4f73", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e6ab29c5-66d6-54d5-81d3-51aeb1ba8e9d", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8f3d4f66-c1a8-5b54-be5a-db1bf6e278d4", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:adcb0cd6-5a2f-5b21-a346-7e2b8b9f42b9", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b26fc439-a689-5b7a-8a31-e45d01cc445f", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:450082f7-ef5b-5bb6-ba1f-aff3fb476813", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1ec9091b-5e75-50f8-99c1-a54944e96d4b", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4e22f007-64f9-539c-9823-0013aee7d3bc", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c44ff900-1b69-5dde-bd89-a0942f58caac", "id": "CVE-2026-41840", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41840 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3c39d6ae-628a-56ce-967f-b1c963c705f2", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:25530467-fa1f-5f4a-a367-58cbe513b233", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:18389d35-6043-580d-9bc2-acdc72823860", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8e17ec72-c4da-5e8f-802c-ae0c65c31f0a", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:946d2873-2448-5667-9bb7-cba79264bf80", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d99a3470-e36e-523e-aa28-e84a6509b33f", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:06008f23-9de6-52fa-886b-4323c2006c8c", "id": "CVE-2026-41847", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41847 does not affect version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-expression. not_affected \u2014 Spring Framework version 5.1.5.RELEASE-tuxcare.2 is NOT affected by CVE-2026-41847. The vulnerability exists in the Kotlin Router DSL filter function, which does not exist in version 5.1.5. The filter function was introduced in version 5.2.17+ (September 2021), after this version was released." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6b2e8ba9-d11f-5b63-98e0-ff04fe28bb31", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3195e4c1-08b8-5a65-adb3-e9575336202b", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f011ee5c-2788-54c6-9559-9527e0766b89", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:93c95738-5460-5b61-8276-2f7b2b0e72a1", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c63cc1ee-a7c2-554a-b712-326f32a379c7", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:57bd1f90-9f5f-5f4a-8a6f-660b4728b7bd", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a15d2252-5f8f-5408-a773-9dbcd6e78143", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.5.RELEASE-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.5.RELEASE-tuxcare.1" } ] }