{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:cf45adec-f855-5ad9-8385-fc4fffe18a70", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-expression@5.2.13.RELEASE-tuxcare.4", "type": "library", "group": "org.springframework", "name": "spring-expression", "version": "5.2.13.RELEASE-tuxcare.4", "purl": "pkg:maven/org.springframework/spring-expression@5.2.13.RELEASE-tuxcare.4" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:f06ed33f-8430-5cdc-9041-f55feccf8b0b", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c966175b-185e-5e39-9baa-5974a958f0f6", "id": "CVE-2021-22060", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-22060 is fixed in version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:0e8e7836-f5d1-59bb-aa37-cd82eba54dc4", "id": "CVE-2021-22096", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-22096 is fixed in version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:38376700-960a-5293-8478-175d4aa316ce", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:7875b1fd-b13f-57b9-8826-f6e18c9d8a96", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:42450d75-a37e-57e9-9450-c193b0cecb80", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e3119faa-6a13-5397-ab6d-166b7351130c", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:177a4028-f87c-5b7f-8b87-af2640ebd376", "id": "CVE-2022-22970", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22970 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:1708da8a-05ce-585f-9cab-b961a9f2ef7c", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:376b4543-8d8b-5813-83ed-e88d527c713f", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d5e30fe4-bacc-5b75-ad19-1ab0cf7ee1d9", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:54f6f2bf-af26-594f-a44d-5f29f7955f97", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:507aa647-d4de-5046-8bd4-9bc4f0bb3683", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:f9e6f2da-e80e-5b2b-9fc8-7677704ca252", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:0df83099-aba2-5870-bcc5-2210bae10ba7", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:175aad70-7e28-5f93-b7d7-485132d9bfee", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:7bb5ec11-36a0-5b96-ad20-76d2ec799f78", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ed59fe20-d621-5d70-92e3-e04964266822", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a6a8fd25-2c30-501e-a731-3947d403ce32", "id": "CVE-2024-38828", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38828 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:3918043e-6677-52f4-8798-233055733e34", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:8b88cff3-c20d-5861-9965-56a3fff0c8a5", "id": "CVE-2025-41234", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41234 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:26f6fbd2-18c8-5068-8789-79e4ab059ac5", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:f65f88a0-4491-5c46-8e93-347e6b3b1b18", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:05c26512-e23f-58bb-ba49-f10f63a383fa", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:695c4e12-89e2-5464-a72b-a9d93b84ba64", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:92115232-8516-5cda-81b9-945390da6304", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:f6b49a7e-9161-506b-af4c-5da38354e11f", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c9985ea5-49e5-5abf-8a45-3b6356708230", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:46fa8292-2372-5c68-b528-3088e02f648b", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-expression. not_affected \u2014 Version 5.2.13.RELEASE uses a fundamentally different multipart parsing architecture (Synchronoss NIO library) that does not contain the vulnerable components targeted by CVE-2026-41840. The CVE explicitly lists affected versions starting at 5.3.0+, and the patches fix issues in PartGenerator and MultipartParser classes that do not exist in this version." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:534915d9-ca53-5797-8a41-e948e0e7e6b7", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:692478e0-f094-5605-9b24-900999ba5978", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:18f54f64-750a-54ff-b99e-0e5486766f57", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:51f7f6f2-9a49-5728-950e-c9af930888ea", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:3a51984e-1f22-5d20-b374-1ee52b82efba", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:4e9db52f-7de2-5395-bcf6-8a57e7c0c434", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:0aa8263d-9709-5ac8-8b87-00f2a6a74fa1", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:76c9e426-7827-561d-8857-0c7bdd9649db", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b9c63951-f442-517f-828a-f6fb4e82afee", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:8ddbf355-04cb-536d-9e97-ad5b9d4d4deb", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a6b58273-d831-5df8-87f9-801cb32ed195", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:f98c17ee-23c7-5b11-b6dd-db06df7e8ff7", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:453634c0-6f26-5c8b-a36b-705b82aeb797", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.13.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:afea8731-72ba-5d75-b3ef-e7baaefda35d", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.2.13.RELEASE-tuxcare.4 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.13.RELEASE-tuxcare.4" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.13.RELEASE-tuxcare.4" } ] }