{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:845aad63-c5a9-5649-ae5d-1fa71f173365", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-expression@5.2.13.RELEASE-tuxcare.3", "type": "library", "group": "org.springframework", "name": "spring-expression", "version": "5.2.13.RELEASE-tuxcare.3", "purl": "pkg:maven/org.springframework/spring-expression@5.2.13.RELEASE-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:ef5a48c5-9037-529d-ac4d-a309bdc41820", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:10ba2043-06eb-5a4f-98e8-223bd9cc0053", "id": "CVE-2021-22060", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22060 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:663d0968-200f-501a-9f2a-8994d1f8df99", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:03d330ad-c6a3-5dbd-9ede-f14c58ffb783", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ca916bb8-3ab4-55b0-bcc7-407746d7c813", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:be8102d8-f472-5334-83af-a22d1c3b041c", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:eb6b7602-b3a2-58a7-a70d-9c23ba1aca74", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:37de91d2-7a7f-5136-9556-0596042f7f7b", "id": "CVE-2022-22970", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22970 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:56970afc-621b-56aa-9aa3-3bc45e2ee93f", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:0676f4fe-8dc0-5a78-8b77-a0b926e50feb", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:604ce68e-a337-5d99-b3dc-47e268f96cf6", "id": "CVE-2023-20863", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20863 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:86aa2006-9d8e-5daf-9728-ed6fef0c872b", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d6d23287-ebc9-53ea-8b1b-9f3975211bfc", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c56a8281-18b7-5111-a2fe-2953aa6c203e", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b23ae9ff-03be-5de0-a689-5c3e9196e196", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a2b0a35c-2cac-51cf-b8c9-6f6e1affb9b1", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:db8c6362-da2d-53ed-85d5-cc6c27803288", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5e3452e1-ba77-5639-9c22-831f8f095022", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a50a66c9-b7f7-5bfd-b4f5-6ce951c982e2", "id": "CVE-2024-38828", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38828 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2a227f1f-785b-5b66-a19e-adec976809c6", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4c4731ff-3479-5bd9-a651-a80a957b997e", "id": "CVE-2025-41234", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41234 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d5f91bb1-e3d8-5dff-b9aa-dcca67ce5baf", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:10561750-5c3c-568a-b8b0-2133463956e7", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6bd2898e-77a7-574d-bdf7-dd43a16a574a", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:66faaa24-d150-5bae-b1c2-bc8c61deb45a", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2116b259-a12f-5079-9356-a5840006929e", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8b20522a-7062-5ffe-85f7-758c8911d137", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:676e735d-ec10-58e7-9f74-00867e761690", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:17229abd-078d-5bcf-9911-fe94a08ecede", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-expression. not_affected \u2014 Version 5.2.13.RELEASE uses a fundamentally different multipart parsing architecture (Synchronoss NIO library) that does not contain the vulnerable components targeted by CVE-2026-41840. The CVE explicitly lists affected versions starting at 5.3.0+, and the patches fix issues in PartGenerator and MultipartParser classes that do not exist in this version." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e94f47db-caaf-583f-8a69-f981d000a5af", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6990d8e3-312a-5c14-82f5-6773069d18ad", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6afa7e94-2231-51c1-96f4-59f711873159", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b935b0b0-8055-5984-96f6-0dc8020d1526", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:7e8900a8-edde-5a81-8bd9-09cd20ae11a1", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ed256faa-dce8-5a4b-8a86-0ba20f070843", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:fbb68d6a-10d9-58d8-9741-0bfc552c4f88", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5c9ff494-f3ea-595b-8f87-ead6fb688b46", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:95e50481-c270-5753-9c1a-96a8f7aab4b3", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2d355594-71c4-5bdb-b94d-73c5af04425a", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:71f50e9b-29d7-534b-927e-15f707f84a6c", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3a84ac58-76ed-5753-acb8-0449efb2a6d6", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1001e13f-ddc3-535e-8cb7-9f59da9fa8fb", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:bffcb0fd-6dc4-580d-b106-d84d1ac9f526", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.13.RELEASE-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.13.RELEASE-tuxcare.3" } ] }