{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:24c53af0-7efc-51ab-9a98-742f2a37c336", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-expression@5.1.5.RELEASE-tuxcare.2", "type": "library", "group": "org.springframework", "name": "spring-expression", "version": "5.1.5.RELEASE-tuxcare.2", "purl": "pkg:maven/org.springframework/spring-expression@5.1.5.RELEASE-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:5c364bd8-91b4-5e35-8940-a378be64193d", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:09eabace-2caf-5a31-964f-159286884063", "id": "CVE-2020-5398", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2020-5398 is fixed in version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:60596b50-f46c-55db-966e-f4422cc44ac1", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:091a8706-9527-5e44-a468-ad9265533146", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b41535c1-8a5f-59bd-8939-06cde69ff6ed", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f01f060a-2694-5752-acfb-5cac3ddfbbaf", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:eb47069d-4211-5f9f-8418-9ed21ec85e44", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:98d983b6-0dd0-58b6-8288-281e2166541d", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ffc21b8a-4dba-5976-a7aa-d8c12ef45b58", "id": "CVE-2022-22970", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22970 is fixed in version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:91ad266a-aeb8-5f9e-954c-a8661066d48b", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c708510f-89eb-5bf0-a99c-d0482cf6df51", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b0d5ab5e-e818-5222-9cc2-99a7222ebb4d", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:cba702e6-3934-5731-91aa-de10d0757bd6", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:82a1c07f-ac50-570c-a681-ad61e3269856", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f8574512-4bdb-593c-afce-04756345f24f", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f203d149-11c3-57dd-8160-b4aa0aa29e96", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:89a4e2da-bdbe-53ff-8808-6b0ec4e9c2f4", "id": "CVE-2024-38809", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2024-38809 is a false positive for org.springframework:spring-expression 5.1.5.RELEASE-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6df729af-e28f-5205-a867-b20fd8d191e4", "id": "CVE-2024-38816", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38816 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:dc61f6cd-70eb-50c4-865f-3c2bbb247596", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:082d06e8-2f2a-5f59-9e67-219e9a51bed5", "id": "CVE-2024-38820", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38820 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:bbed7ada-6e51-5e12-8907-0f007f16397c", "id": "CVE-2024-38828", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38828 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e664266b-805c-5f71-ad1a-53cacc8a59cc", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8aed4529-a0a1-5d1d-be93-bc3c9de91b5f", "id": "CVE-2025-41234", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41234 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:445eeb43-57db-54ca-af1b-a3e42d8885f4", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ab9e115f-e115-5433-82ff-29ab2c91295d", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:042aed78-9aca-5c0f-8154-bfd9e387de11", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:385aeb45-c48a-521b-9dfe-21b5773315ca", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8234c994-483a-56c8-ac57-84dbafbfde75", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6f63695b-9eeb-5d21-81e3-8655c87ab1eb", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9b51df83-02d3-5ae5-bebc-4dac0828e2ba", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c87b88d5-b30b-54cf-8398-ae2cf6c2e794", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e1517938-cfb9-5787-b6b2-8f4066da795c", "id": "CVE-2026-41840", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41840 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c5052275-1ee9-5534-a0d5-29bf33fa3a5f", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1c0b5d41-d1ea-538f-bf57-114ddd01052a", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:cef182df-be49-53f4-905a-9d15440b3fd0", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:914ba9d4-799b-5c24-98ea-fd34aad0efff", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0df18b2d-fca6-50f5-8dbd-687a873d328c", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:00fe5956-b8d8-5bd7-90b4-db9e65623693", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d63af703-e36a-5511-927c-c8a10209d9d4", "id": "CVE-2026-41847", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41847 does not affect version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-expression. not_affected \u2014 Spring Framework version 5.1.5.RELEASE-tuxcare.2 is NOT affected by CVE-2026-41847. The vulnerability exists in the Kotlin Router DSL filter function, which does not exist in version 5.1.5. The filter function was introduced in version 5.2.17+ (September 2021), after this version was released." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1217b297-bc29-5cc5-9314-3561c385fef9", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:26e0b096-32f7-5214-8f52-e3cb5fb5260e", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d22739df-e5e7-5084-a1a8-f89594ba4332", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d56da0ea-8355-5e15-9d3b-91b9760e69eb", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d533d146-60a3-5a5b-be3b-dc381b277a5f", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c89bf24b-d813-5f8e-89a1-844ae1a600e8", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6b6fc4fa-1f7d-5094-b728-ccb5ca3b00aa", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.5.RELEASE-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.5.RELEASE-tuxcare.2" } ] }