{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:52c71e68-b03d-5294-8a52-ceac9c2d3577", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-expression@5.3.29-tuxcare.3", "type": "library", "group": "org.springframework", "name": "spring-expression", "version": "5.3.29-tuxcare.3", "purl": "pkg:maven/org.springframework/spring-expression@5.3.29-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:0d711367-7927-5953-90e8-bb43a6ba60d8", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.29-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:88fdee1a-2b25-5718-919e-e99d628bf0c2", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.29-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:be815b10-a83d-554a-81c5-6f6a9a5c884b", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.29-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d2df05d1-88e3-5eba-9fd2-c83e53538d41", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.29-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:881302dc-1af1-5d23-bbcd-f1d075211f94", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.29-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5e5bb6fe-3f04-5dd2-86e3-37fb178ccc56", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.29-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3f5eb2ee-ba9f-50fe-b940-f5a963e135b9", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.29-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d969a454-9f0b-5cfc-aa39-8bd904612064", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.29-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c9a9d5c6-6b0c-55c8-a533-4bb72b8ee86e", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.29-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d658ee44-b606-5f2b-8fbd-a70b9b4eaf62", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.29-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8ed44b9f-c083-5282-9df0-47e9ae98a838", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.29-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5549d23e-df2a-5e47-9579-eee6720b44d8", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-expression 5.3.29-tuxcare.3." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f78eefb6-a775-59a2-8479-c9e393149614", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.29-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6be0d57f-a89b-5521-9f8c-95aaf3fbd69a", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.3.29-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f497ee38-5b66-53e5-9c1e-06f4d6e189c9", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.29-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:81fbb7de-2094-578e-b5a1-412b20874a20", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.29-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3186f848-5eec-514c-b14d-7555f8a8df35", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.29-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ab78b374-9a83-5d7a-9a87-f89e808fc6d8", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.3.29-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d3a63eaa-22ae-5c37-874c-26a9377fa011", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.29-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:0f8e8b28-4dab-5178-80bb-1a613be27ed4", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.29-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:aecb8526-a17e-5eb2-adb3-c0015332dea1", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.29-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a7206eea-b46d-5940-836e-cb72ee0238fe", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.29-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2c8d6624-2439-5fe9-8d94-3cf9bfc60ce2", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.29-tuxcare.3 of org.springframework:spring-expression. already_fixed \u2014 The target repository (Spring Framework 5.3.29-tuxcare.4) already contains the complete fix for CVE-2026-41840. The fix was applied on 2026-05-19 as part of a TuxCare backport for CVE-2026-22740 (commit bc0026ae70c), which addresses the same multipart request DoS vulnerability with identical code changes." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:92c12dc0-9b68-5f30-b9ae-8f9e0899d096", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.29-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5e34cbe9-9341-5185-9b4b-a51aa28e65b1", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.29-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4da85db9-f5d6-5241-817b-4539989c7d22", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.29-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1920b848-354c-52e8-957c-da8a9ee91690", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.29-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b28e1aaa-643b-53dc-95b4-bf841240dda0", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.29-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a48201c0-8f91-5f61-b48c-4611698dc6ce", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.29-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e345e2f2-73ba-5fc0-900b-da2b86d7a50a", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.29-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f6e957bb-354c-5317-b0f2-6213d5d559fd", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.29-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:97a4218c-6d1f-5e5c-85c3-a38e0df2278b", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.29-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:eceb1c7e-1ac6-5b9f-8cb6-1f61b172f838", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.29-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:be78c480-6ea8-5db6-938d-349876e28f4c", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.29-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6c94fd03-17ac-5c59-81b9-8f61dadc70c7", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.29-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:508f17a2-b71d-5325-afdf-bec6c9939669", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.29-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:7ff87e16-abf9-542e-a704-b1f451e1b0f7", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.29-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.29-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.29-tuxcare.3" } ] }