{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:2926a0bd-4337-5a10-8de7-545b370b9acb", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-expression@4.3.30.RELEASE-tuxcare.1", "type": "library", "group": "org.springframework", "name": "spring-expression", "version": "4.3.30.RELEASE-tuxcare.1", "purl": "pkg:maven/org.springframework/spring-expression@4.3.30.RELEASE-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:004f90d9-70ab-51b1-8c21-04d078fd69dd", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6ec5a5b3-c74e-5775-90bb-5b7e6ce23c29", "id": "CVE-2020-5397", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5397 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:302b5e00-6f35-58a9-9f5e-76253aa3237d", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b6d6577b-3691-54b1-87c3-b89ec64ea4e7", "id": "CVE-2021-22060", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22060 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ba18616c-5d4e-5b1c-8dc0-0a4bb0712f66", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f07c612a-effb-5296-815c-965546184b1b", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7f7afca5-6bdc-5cd2-a01d-33153b90c83b", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:98d51ccc-1a21-599b-b214-0f96fb29ea8f", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5a651539-618a-5820-b9cb-3df2e3ac4aca", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:72b00b82-2e93-5ec0-abbb-d0360c992b88", "id": "CVE-2022-22970", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22970 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:86d5c7dd-8bb9-502d-b48d-42e2da3fd14b", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:93d654bc-b31d-5c57-a055-af2e3360a796", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a63b9ac6-5c78-516b-a9c5-fd89390a3493", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3b243e9a-49c8-5c26-a366-9bc3258f904f", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b21b3594-156d-571e-befe-27b2a42c4bd3", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:99a29b5a-0c76-5574-8834-cc74db0f8ebb", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c4ef98ea-23e0-5a63-81f4-7e60e7a37035", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:868c740b-e0dd-5638-be01-813e01693869", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9c70d86c-400e-5419-b219-5b8a790495c8", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:aa8847d0-cafe-512d-b149-e4f9bc1e2e38", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:42af5355-e455-56ee-9010-30ee6a6af4dd", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:df72ce77-fd41-5271-a3e0-0f76e4b1596a", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fe2351a6-7192-53fa-94b0-ec0e4de7f457", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6940898c-9a88-5e49-9221-44172866a3ca", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1665de15-4351-597b-b3c2-9ac0d999d4c4", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.3.30.RELEASE-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-expression@4.3.30.RELEASE-tuxcare.1" } ] }