{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3697c3ba-605c-5b1d-bee0-878bc93e4239", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-expression@5.2.0.RELEASE-tuxcare.1", "type": "library", "group": "org.springframework", "name": "spring-expression", "version": "5.2.0.RELEASE-tuxcare.1", "purl": "pkg:maven/org.springframework/spring-expression@5.2.0.RELEASE-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:e0f64151-0b84-5917-8bae-f4796d527dcb", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0973534f-b3a6-531a-a2d9-da54e280937f", "id": "CVE-2020-5397", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5397 affects version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:43f50ced-466c-51ce-bb99-55325fd68233", "id": "CVE-2020-5398", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2020-5398 is fixed in version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:055bddb4-c2c0-5816-8363-93dcd1d41fd0", "id": "CVE-2020-5421", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2020-5421 is fixed in version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:066a358b-1b29-5040-a0a3-42191fcb9c7d", "id": "CVE-2021-22060", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-22060 is fixed in version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c58ef3ac-efa6-550c-8549-f71d2d6ad900", "id": "CVE-2021-22096", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-22096 is fixed in version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b96d4187-2653-512c-a3df-bbd3a051f5bd", "id": "CVE-2021-22118", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-22118 is fixed in version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:615469aa-69c6-5600-a037-e8990f8953cb", "id": "CVE-2022-22950", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22950 affects version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:aabbb03b-ba55-5af7-b6fa-1a39da959eea", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5cfbf33d-c71f-5fdb-a347-3ede7c2d15bb", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ed076978-1325-5154-bb3b-7877321ee6c2", "id": "CVE-2022-22970", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22970 is fixed in version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:39c79b53-f1b1-50e6-874e-85ae45a30abe", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ff747241-75ac-5801-be3a-ba62a55a37e1", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4df293f2-925e-524f-b087-7008db404a16", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:92c09882-66b9-5215-b1ae-3d8dc6bbc609", "id": "CVE-2024-22243", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22243 affects version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7deb9c3e-7606-5967-a709-c77180bd8a51", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:19e97724-e03d-5320-8d05-09bbfdbb60c2", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1eb98e1b-05d3-5ece-b629-075a3eecded9", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:911a5b67-55b5-5501-8528-77ad927938c0", "id": "CVE-2024-38809", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2024-38809 is a false positive for org.springframework:spring-expression 5.2.0.RELEASE-tuxcare.1." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:52228445-de97-569f-87e9-498133eb7a93", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0d19ebfa-7dad-52e3-8376-0e98d1f3cbd6", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:bf3729fa-0bf0-589e-bd58-5c19af95cd16", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b9dccb9d-435b-559d-a52a-07f1ea552b70", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b7f0f481-b2ba-5e34-998a-65a88910f3ab", "id": "CVE-2025-41249", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41249 is a false positive for org.springframework:spring-expression 5.2.0.RELEASE-tuxcare.1." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:112d9a08-9f4b-5c79-930b-f67ab0acf542", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.0.RELEASE-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.0.RELEASE-tuxcare.1" } ] }