{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:27d584f9-bb39-5898-87d0-58400c1b3e06", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-expression@5.1.5.RELEASE-tuxcare.1", "type": "library", "group": "org.springframework", "name": "spring-expression", "version": "5.1.5.RELEASE-tuxcare.1", "purl": "pkg:maven/org.springframework/spring-expression@5.1.5.RELEASE-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:d56ffc33-91cd-52e7-835f-86fe3b7f488d", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:99888fcc-5508-5b32-a3d2-eda616c34553", "id": "CVE-2020-5398", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5398 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8e15ee52-caa0-5ab4-8b5b-42d3d6b70444", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:489236bb-077a-5fe9-988d-210e639ab6fd", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:729fcb74-549a-549e-a2c7-27647d8686a2", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:65b174b0-fd06-5cc3-a5ef-bbf742cf0885", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f638b87c-f258-518a-a223-c4a89d1b409c", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b5095057-63be-53c7-864c-ac27627e088d", "id": "CVE-2022-22968", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22968 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:752d3dcf-ce08-5be3-9f60-70118c13d574", "id": "CVE-2022-22970", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22970 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c2ed4f4d-ed31-59a9-b035-04e226b5004e", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:14fdc43c-ba37-526c-827d-feaaf3ff7469", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3b322f03-918d-5e08-a053-a3284bd5e9f5", "id": "CVE-2023-20863", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20863 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ce237275-0074-575d-acd0-7f48867a5cff", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9d5e844d-56d9-522c-bd0d-bb33a8862697", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:654fb861-f4e2-563a-8152-2893fbff8e05", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1bb1e61e-7699-5eda-9aa7-f5c8f092b3e1", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e013613b-8f3a-5b4a-9ce2-9ab2ff925b4f", "id": "CVE-2024-38809", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2024-38809 is a false positive for org.springframework:spring-expression 5.1.5.RELEASE-tuxcare.1." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5e4141e1-837b-53b9-bf94-5d20720d8780", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:64ec501c-bc9c-50ec-be27-482b8034bfdf", "id": "CVE-2024-38820", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38820 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fa5dc5fc-c92b-5a78-a502-1b476fd9b1b1", "id": "CVE-2024-38828", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38828 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:01be829d-8578-59f9-b14b-91504580222b", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d6e9c658-6ee8-5ce9-8d31-889ebc7eb3f5", "id": "CVE-2025-41234", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41234 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9d37d03d-190b-55c4-88a3-e0982b7f4f73", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e6ab29c5-66d6-54d5-81d3-51aeb1ba8e9d", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.5.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8f3d4f66-c1a8-5b54-be5a-db1bf6e278d4", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.1.5.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.5.RELEASE-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.1.5.RELEASE-tuxcare.1" } ] }