{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:ecf9f02d-f9c6-56be-8dc1-091948b95e5b", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-expression@5.2.0.RELEASE-tuxcare.3", "type": "library", "group": "org.springframework", "name": "spring-expression", "version": "5.2.0.RELEASE-tuxcare.3", "purl": "pkg:maven/org.springframework/spring-expression@5.2.0.RELEASE-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:a69a0943-9ce1-5ec7-81fa-48f0274ae0dc", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:80627453-8dac-5c4a-acc4-7c3775c39914", "id": "CVE-2020-5397", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5397 affects version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:64a831d1-6d99-5941-8d63-de99da3a7ba3", "id": "CVE-2020-5398", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2020-5398 is fixed in version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:077a3f3c-8785-5eb9-85e4-3e0715210856", "id": "CVE-2020-5421", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2020-5421 is fixed in version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e180dad3-deb7-583f-ab25-122d76b44529", "id": "CVE-2021-22060", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-22060 is fixed in version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:412cc269-945f-5ed9-90ce-c8c7d2279724", "id": "CVE-2021-22096", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-22096 is fixed in version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:efc2da24-43c9-5272-a1e8-e33f0667b18b", "id": "CVE-2021-22118", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-22118 is fixed in version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:0e8ee995-75e1-5398-96bd-14dbe357dd85", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4522161a-7fa4-56e6-a8cb-9a81360b4154", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a37d1928-6ef5-58aa-8c70-6b27d25f24e1", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c00e0650-f92b-5a53-b4a5-8a6aab48183e", "id": "CVE-2022-22970", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22970 is fixed in version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:90796bcc-ff9f-5959-8efe-b7190a62b1b5", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ae942f5a-8194-58bd-adc2-aa52b43d28b3", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6cebc822-80f0-5fa9-b913-cce3525ff28c", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:930c3f9d-3944-5e78-a84e-1752d681fb5b", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b700c82b-c636-51f1-a229-e35bfc5b4100", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:947b3a69-2014-55cb-8029-7b5f73038f4c", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:45b9d393-8276-554d-a10b-016ab604e053", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:0776711c-8cef-5c0d-8da9-e9bab3b2eef0", "id": "CVE-2024-38809", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2024-38809 is a false positive for org.springframework:spring-expression 5.2.0.RELEASE-tuxcare.3." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:879736c2-c553-53a3-81c3-38f9eb1089e3", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:47f73843-8955-546b-8ba0-2e88191ec978", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:7c1025ec-3549-57b0-b59a-25f2fa94fc6e", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b5c9f496-42c9-5a2a-8f94-fb98fb913164", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:fff60591-9d14-5cf6-8736-b97b7b6fe0e5", "id": "CVE-2025-41249", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41249 is a false positive for org.springframework:spring-expression 5.2.0.RELEASE-tuxcare.3." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:98b88fa8-88e8-54fe-bc8c-bf2667e44fd7", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.0.RELEASE-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.0.RELEASE-tuxcare.3" } ] }