{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:7087e0c0-09a4-58e1-aa7e-3459ce64c2ff", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-expression@5.3.29-tuxcare.2", "type": "library", "group": "org.springframework", "name": "spring-expression", "version": "5.3.29-tuxcare.2", "purl": "pkg:maven/org.springframework/spring-expression@5.3.29-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:034c63f7-ec8c-5d97-bba5-d2c458202ef7", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.29-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4cfb6884-fe5f-536b-a800-053216419ad8", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.29-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e25cdf57-3020-5047-b8c4-40e446429c26", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.29-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4da12d6b-b852-55d1-893a-50135cd52f10", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 5.3.29-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2d9c3ef5-4cc5-5bb6-af9d-ab73e5ababcd", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 5.3.29-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:846fd5fe-98a1-5e74-bafd-e09333b1df56", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.29-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8827eb6d-7379-5d28-9324-f06141e49c03", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.29-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e3544385-91ac-506c-8080-84c3bd5c8504", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.3.29-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:cc7378a5-254a-5099-b561-bb48c01593f7", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.29-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b0fc149c-734a-57f9-bb66-e944934eb300", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.29-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a02a911b-a182-51e1-92ac-5cac7f93ca02", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.29-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1f6e08e6-43a0-5668-ae1d-ba280e5e61f3", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-expression 5.3.29-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d686a971-fe20-5d5d-ad4d-174bda0b951d", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 5.3.29-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9b65a804-87fb-58db-a96c-0c9c626e5f04", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.3.29-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:220742ec-500b-5348-93c6-a8d5bd0573a0", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 5.3.29-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:da94f351-9a8e-517a-8e35-c162205d36c3", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.29-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f5f94464-9564-531f-bb0b-fb5ce93b92e1", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.29-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0cb33068-7a6c-5967-9fae-00d0f1c091c2", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.3.29-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:70b9c3c5-84e9-5c1c-a5b3-7efb7184d196", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.29-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:bcca709c-777a-5834-a082-5f2603fec372", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.29-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2259c792-3578-5117-9d53-a73b023928f9", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.29-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6c64ecea-4ecf-59d7-979a-98da95be5efb", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.29-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:203d5de2-b0eb-524b-845d-954969d6de17", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.29-tuxcare.2 of org.springframework:spring-expression. already_fixed \u2014 The target repository (Spring Framework 5.3.29-tuxcare.4) already contains the complete fix for CVE-2026-41840. The fix was applied on 2026-05-19 as part of a TuxCare backport for CVE-2026-22740 (commit bc0026ae70c), which addresses the same multipart request DoS vulnerability with identical code changes." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:774b3a9b-0e48-537a-9a30-4184691f7f0a", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.29-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3e47ecf2-df2f-52f7-a009-82916087d4a8", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.29-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:bd5fcee0-996d-51e8-99ad-ffaca4151fd2", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.29-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e2d5267a-866b-5a5b-ac4e-6f99746f0287", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.29-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e18bd3a0-18b7-5dd0-9bff-c8e6e1ab74b6", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.29-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d9967baf-05ff-5c0a-9537-77f29f6bcf0d", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.29-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:20ed988c-4c97-5a4f-a594-adbf5b0e19e4", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.29-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:042babb0-b108-5a60-af59-3ffbeca988ea", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.29-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ce7ca033-b6ee-5072-b9fe-2252d62c3052", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.29-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:70f6860c-46da-586f-9616-d1ca25dc70d2", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.29-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:737be77f-bec0-592b-815e-c17bb9d26149", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.29-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d94df119-831c-5ffb-b70f-e71378e74c82", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.29-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:34bf2198-b4e3-51c5-a0da-e7f3070de6bc", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.29-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e3e09315-a40d-50a7-b60a-ccc9fc162bae", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.29-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.29-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.29-tuxcare.2" } ] }