{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:c266b278-3405-5d10-8b1b-70c2363fc288", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-expression@5.3.29-tuxcare.1", "type": "library", "group": "org.springframework", "name": "spring-expression", "version": "5.3.29-tuxcare.1", "purl": "pkg:maven/org.springframework/spring-expression@5.3.29-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:e6b58e29-3823-530c-a4f3-e9f4aa20a42c", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.29-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1c29c54e-e8e6-5b70-9d27-43180d780ae9", "id": "CVE-2024-22243", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22243 affects version 5.3.29-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b28d7746-111e-5275-b2dc-8de2ab9a6866", "id": "CVE-2024-22259", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22259 affects version 5.3.29-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:69ef35f6-4d7b-5ae8-9b75-00639a103f13", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 5.3.29-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:eddfbcbb-6e4b-52ec-ba84-a949df459f33", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 5.3.29-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:cf04c8ac-d28e-59bd-8acb-5f221f0a0750", "id": "CVE-2024-38809", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38809 affects version 5.3.29-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d046b1b4-9b63-510c-bec8-891d189b46cd", "id": "CVE-2024-38816", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38816 affects version 5.3.29-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:161dd166-160f-54c4-9488-5860b4edbfea", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.3.29-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3f132c7d-0a50-5643-a63c-4b07519a1999", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.29-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:bdc0c2f4-f9d6-5ca5-8444-5cd1010285db", "id": "CVE-2024-38828", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38828 affects version 5.3.29-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:59315b42-39a9-52af-a5f3-c91b2f99091d", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.29-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:af742ea4-1087-5a2a-8483-e532b0687790", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-expression 5.3.29-tuxcare.1." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c66bcbaf-6fc1-53aa-a825-ce66f0b5b282", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 5.3.29-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3b18afd9-9169-5ada-804d-fe4863298e48", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.3.29-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e0ec9ab4-8eef-5596-8b3d-505e103bd05d", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 5.3.29-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b623b565-a36b-5152-a573-1d3346e732f6", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.29-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8ee93b23-da43-5724-a791-987ac3536a68", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.29-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e28e8d28-2804-57ef-bdcc-cc7e6b9f3b35", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.3.29-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1d3215ff-140e-598d-a3fe-bfddc3e6ec80", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.29-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fc624c06-2e9f-5e02-a811-61b52b2a024a", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.29-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1d579d5c-162f-5926-b9eb-f75ee1e75d78", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.29-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:837da507-e4b3-5285-936a-c559837bd08b", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.29-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2de4d41c-2c29-5868-a942-1a6f5753d2ff", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.29-tuxcare.1 of org.springframework:spring-expression. already_fixed \u2014 The target repository (Spring Framework 5.3.29-tuxcare.4) already contains the complete fix for CVE-2026-41840. The fix was applied on 2026-05-19 as part of a TuxCare backport for CVE-2026-22740 (commit bc0026ae70c), which addresses the same multipart request DoS vulnerability with identical code changes." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:209f02c1-9ccd-5d71-9e56-15071222a49a", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.29-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:42915622-062a-5350-8a8c-4ea38b3bb3e7", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.29-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1908ce96-0eb7-51dd-868d-ef407e71771c", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.29-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e80f7d35-0d2e-5936-95c9-43b399d4bccf", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.29-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:eb4099dc-d3a8-5144-a13e-6c1958e91fad", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.29-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c6d676b5-8be3-566c-971d-fc51e20b2760", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.29-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6acda10d-a744-5b88-93d8-a52c23507ae4", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.29-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fe2af2e1-e7fb-58e4-a7ff-e9f81a207b18", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.29-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1fe42e17-02b0-572f-930f-affafb080fa0", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.29-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d99aa061-dbd6-580f-a6aa-810d273a4d47", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.29-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fdd999f1-352c-5adc-b5e9-d1a8435d68d6", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.29-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:89b82cc2-e61e-53db-9892-ca007ae00c3d", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.29-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e777ad96-2b20-54b3-9538-8adb25ec5595", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.29-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:603e65e9-de5e-5e36-b68e-7b5bff123316", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.29-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.29-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.29-tuxcare.1" } ] }