{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:f64f8295-7f97-56cf-a091-5717054a774f", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.1", "type": "library", "group": "org.springframework", "name": "spring-expression", "version": "4.0.0.RELEASE-tuxcare.1", "purl": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:5fe0a863-cc1e-505f-bf3b-0182eeb84ad1", "id": "CVE-2014-0054", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-0054 is fixed in version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:883080e3-8730-56d4-a28c-32a807ac8ed5", "id": "CVE-2014-0225", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-0225 is fixed in version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1231f675-bd5c-58dd-a6b2-29045fd1395c", "id": "CVE-2014-1904", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-1904 is fixed in version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:245e2dd6-cd30-5608-abee-42425c646aa3", "id": "CVE-2014-3578", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-3578 is fixed in version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:13b823dc-7313-5350-921f-c7689dfdd1c9", "id": "CVE-2014-3625", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-3625 is fixed in version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a2c04333-3da1-5139-898e-7ff66a878118", "id": "CVE-2015-3192", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2015-3192 affects version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:adce9dde-f45c-5a46-98fb-08510ca594ae", "id": "CVE-2015-5211", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2015-5211 is fixed in version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b033f516-4e22-50a8-9959-19e40ec6f5a7", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f113fdd9-94ff-5081-a20d-f148c580a82d", "id": "CVE-2016-5007", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-5007 affects version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2284e6ae-b68c-5460-88a2-9b2cf6ceb03b", "id": "CVE-2016-9878", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2016-9878 is fixed in version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:444813e0-5320-5555-9e7e-bc965c075cc0", "id": "CVE-2018-11039", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-11039 is fixed in version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:29566e9e-5d4f-5d97-a987-aac871606a6b", "id": "CVE-2018-11040", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11040 affects version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:670723d1-f877-58ea-8f58-fcc9cd885cd1", "id": "CVE-2018-1257", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2018-1257 is a false positive for org.springframework:spring-expression 4.0.0.RELEASE-tuxcare.1." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:42649e0a-c78c-58f5-a320-165bbe183574", "id": "CVE-2018-1270", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1270 affects version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d931705b-3f46-53e7-adf2-dea9f34986d3", "id": "CVE-2018-1271", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-1271 is fixed in version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d65df9f9-7321-506d-8598-486230f0cbf3", "id": "CVE-2018-1272", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-1272 is fixed in version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2e4bc185-c9f6-5448-85ac-af19e76658ca", "id": "CVE-2018-1275", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1275 affects version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e56753b5-e7db-5f71-8372-4f353b781ebc", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:71e6434b-10f8-5f30-9268-c92f9c955474", "id": "CVE-2021-22060", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22060 affects version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:27635b57-06ec-579d-a522-75214adcb273", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:81b6d7fd-7c08-5399-820f-4ec5579a1ee6", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9c6b53f1-57cb-5c88-afdd-6b5cecd704c5", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b8c1220f-2f91-5a5a-9e88-806aae38c943", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d0441fa9-ae50-5238-81d4-ea74d3fe1c92", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0b6caab6-2775-560d-823e-66d6a91147fd", "id": "CVE-2022-22970", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22970 is fixed in version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:73d43e14-e3f7-53af-9722-d9f4db630622", "id": "CVE-2022-22971", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22971 affects version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1800a495-8e79-57a7-8bb2-7f497460c23f", "id": "CVE-2023-20861", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20861 is fixed in version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e9df47c6-620e-5a29-8a67-e2e325e592f7", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1c70fa93-c326-56b0-82c4-3c9ee38637dd", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6eff3a09-67dc-5811-853f-0c2a3f6f0447", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:15e3eb9f-e9b1-5ba3-96f0-eed69cf944b3", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:48429ac4-76e5-52db-9408-c22e3d139172", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:67d8cdb1-fb5f-577e-901e-48299d9d89b7", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:58459f88-9fe9-5b3a-bcc7-d0a295be0634", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ec7f285b-66d3-5834-bf92-7bd50b260894", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a620e39a-3dae-5b12-b981-d46e421ea38a", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b1dbfde3-e02b-5ec4-a37d-9efd75e28111", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7245adb3-4e15-5476-8cd4-162863200cb1", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2d9098cf-8bfe-5370-91c1-afb5ae223620", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:cd10be6d-6d54-5dd8-92fd-ef286259d291", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.0.0.RELEASE-tuxcare.1" } ] }