{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:969bfa44-a3ac-5e47-a454-fcf468f39ced", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-expression@5.2.0.RELEASE-tuxcare.3", "type": "library", "group": "org.springframework", "name": "spring-expression", "version": "5.2.0.RELEASE-tuxcare.3", "purl": "pkg:maven/org.springframework/spring-expression@5.2.0.RELEASE-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:a69a0943-9ce1-5ec7-81fa-48f0274ae0dc", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:80627453-8dac-5c4a-acc4-7c3775c39914", "id": "CVE-2020-5397", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5397 affects version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:64a831d1-6d99-5941-8d63-de99da3a7ba3", "id": "CVE-2020-5398", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2020-5398 is fixed in version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:077a3f3c-8785-5eb9-85e4-3e0715210856", "id": "CVE-2020-5421", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2020-5421 is fixed in version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e180dad3-deb7-583f-ab25-122d76b44529", "id": "CVE-2021-22060", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-22060 is fixed in version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:412cc269-945f-5ed9-90ce-c8c7d2279724", "id": "CVE-2021-22096", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-22096 is fixed in version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:efc2da24-43c9-5272-a1e8-e33f0667b18b", "id": "CVE-2021-22118", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-22118 is fixed in version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:0e8ee995-75e1-5398-96bd-14dbe357dd85", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4522161a-7fa4-56e6-a8cb-9a81360b4154", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a37d1928-6ef5-58aa-8c70-6b27d25f24e1", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c00e0650-f92b-5a53-b4a5-8a6aab48183e", "id": "CVE-2022-22970", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22970 is fixed in version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:90796bcc-ff9f-5959-8efe-b7190a62b1b5", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ae942f5a-8194-58bd-adc2-aa52b43d28b3", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6cebc822-80f0-5fa9-b913-cce3525ff28c", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:930c3f9d-3944-5e78-a84e-1752d681fb5b", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b700c82b-c636-51f1-a229-e35bfc5b4100", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:947b3a69-2014-55cb-8029-7b5f73038f4c", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:45b9d393-8276-554d-a10b-016ab604e053", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:0776711c-8cef-5c0d-8da9-e9bab3b2eef0", "id": "CVE-2024-38809", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2024-38809 is a false positive for org.springframework:spring-expression 5.2.0.RELEASE-tuxcare.3." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:879736c2-c553-53a3-81c3-38f9eb1089e3", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:47f73843-8955-546b-8ba0-2e88191ec978", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:7c1025ec-3549-57b0-b59a-25f2fa94fc6e", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b5c9f496-42c9-5a2a-8f94-fb98fb913164", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:fff60591-9d14-5cf6-8736-b97b7b6fe0e5", "id": "CVE-2025-41249", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41249 is a false positive for org.springframework:spring-expression 5.2.0.RELEASE-tuxcare.3." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:98b88fa8-88e8-54fe-bc8c-bf2667e44fd7", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:24726e12-4a3c-5fcd-821a-bc5409dc0b76", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:53254e9f-34ec-5ca9-993c-53c89a41b894", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:82f1dae3-155b-5592-8705-ccb9dd6c35bf", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2eae5adb-a80d-512f-97ab-4f4b107bdae1", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5df06371-5e7c-5220-ac5a-16a290c2a903", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:21c4e777-dacd-5c22-8709-6e24532aa3fb", "id": "CVE-2026-41840", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41840 affects version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6a7ad225-15a6-5a23-9753-c309f695c4a1", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f78c3414-86d3-5f61-a410-61645a1f0e94", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1383d7db-3c73-5882-82e3-632240cec0a9", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ae9227dd-a0c6-5be5-9f94-3456a7af95bf", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ba9d8409-4046-52a2-8a9a-00ed2ebfb9b4", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:47314ecd-8fac-5630-b047-84c4819bcc8e", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:0efce5af-d51c-5420-84ec-cbb2ec1d8bf5", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e4b210dc-479f-574f-8c76-c2064b652a6f", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:93a34155-862c-57d6-9136-7a9b7a3d3099", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:94270d9b-2989-5cd8-9a69-dc3f6e956dfa", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:08623820-f190-5e7a-95b4-98e17b320cf9", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9c2ab4fa-cc3c-5d89-8a50-6510a65fdf13", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2eaf9227-9917-526b-a437-0b8e7e234143", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:aa9fbd98-d63e-51dd-945c-02924575c93e", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.0.RELEASE-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.0.RELEASE-tuxcare.3" } ] }