{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:b36682d5-1871-5e56-877a-583ef92e1523", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-expression@4.2.9.RELEASE-tuxcare.2", "type": "library", "group": "org.springframework", "name": "spring-expression", "version": "4.2.9.RELEASE-tuxcare.2", "purl": "pkg:maven/org.springframework/spring-expression@4.2.9.RELEASE-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:f35ba6ea-eb19-5cd8-9279-7b55ca324311", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 4.2.9.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.2.9.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:72099467-d631-5392-8da4-ffd17c37558c", "id": "CVE-2016-5007", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-5007 affects version 4.2.9.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.2.9.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fa0966c9-c1bd-5535-b99c-40b87a00ba85", "id": "CVE-2018-1257", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-1257 is fixed in version 4.2.9.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.2.9.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5e028a12-c9df-51c5-8c07-71e7636b0f9f", "id": "CVE-2018-1270", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1270 affects version 4.2.9.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.2.9.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a195efbe-13ef-50db-ba80-e0a12aba59c3", "id": "CVE-2018-1271", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-1271 is fixed in version 4.2.9.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.2.9.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7a70ab68-accd-5881-89f2-03cb85d86453", "id": "CVE-2018-1272", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1272 affects version 4.2.9.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.2.9.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d5794feb-5c89-5b6b-9413-15946f9a707f", "id": "CVE-2018-1275", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-1275 is fixed in version 4.2.9.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.2.9.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:cf4f4453-5a70-5aac-bc4e-125cc7c3e0c0", "id": "CVE-2018-15756", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-15756 is fixed in version 4.2.9.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.2.9.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fb56dc44-3069-5b6d-bdab-f5d24f648ccd", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 4.2.9.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.2.9.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1fc51028-daf4-5e4e-b91b-30db9990a27c", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 4.2.9.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.2.9.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:048b4e86-78eb-59a8-abbe-9e14332c07b8", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 4.2.9.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.2.9.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7c552fab-fae8-5167-8375-cd0c8d37c7ae", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 4.2.9.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.2.9.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5c69f069-9b9f-5c4f-b5d3-9893a910493e", "id": "CVE-2022-22965", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22965 affects version 4.2.9.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.2.9.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1a1351c4-e0d5-5350-929b-18a66f6c2004", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 4.2.9.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.2.9.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:22aaeec6-a951-5042-b58a-4d6169e58f3b", "id": "CVE-2022-22970", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22970 affects version 4.2.9.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.2.9.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:85fb0869-7165-5110-8a6b-3853fd8bc3a4", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 4.2.9.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.2.9.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:88ae96b4-5cba-5e1c-98b9-8be082de078d", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 4.2.9.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.2.9.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f31e0ad4-5459-5e52-a766-97197c54f6c0", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 4.2.9.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.2.9.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:15f6befd-195d-5260-b6f6-952e3457f054", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 4.2.9.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.2.9.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:bfd5744f-529a-5e8e-b354-bf959412eae4", "id": "CVE-2024-22259", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22259 affects version 4.2.9.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.2.9.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:44e3fd25-187d-593c-a91a-0520debc6f24", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 4.2.9.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.2.9.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:92a3afb4-255c-5327-a6e0-bd3d5cfb86e1", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 4.2.9.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.2.9.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d432bef3-f43f-5305-b2dd-6298476fbee6", "id": "CVE-2024-38809", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38809 affects version 4.2.9.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.2.9.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:da7d88af-d957-5591-871e-e4827e477f7f", "id": "CVE-2024-38820", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38820 affects version 4.2.9.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.2.9.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f4a2645a-f035-5103-9a60-2a2af7bc4e8c", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 4.2.9.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.2.9.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:036b59bd-2855-5c2c-8f14-12afd381d3be", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 4.2.9.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.2.9.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:da12c68f-4913-564a-8176-ac50da051374", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 4.2.9.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.2.9.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4949a461-26cd-5ece-bf7c-378d4574410a", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 4.2.9.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.2.9.RELEASE-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.2.9.RELEASE-tuxcare.2" } ] }