{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:f8607cdb-74e2-5116-a2ea-2a03c14ab261", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-expression@5.2.13.RELEASE-tuxcare.1", "type": "library", "group": "org.springframework", "name": "spring-expression", "version": "5.2.13.RELEASE-tuxcare.1", "purl": "pkg:maven/org.springframework/spring-expression@5.2.13.RELEASE-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:ae23c5b7-fc93-5c3c-a1f6-f15232ec381b", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6b24fec9-6da2-5e6e-8814-8f0010821b3e", "id": "CVE-2021-22060", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22060 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:dc22de0d-bb08-5782-b56d-1d8b6dd1d08a", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5c76ee05-02a8-5163-afda-afb7f67c338e", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3b4836f5-8b25-5b61-821b-ecdb3568a574", "id": "CVE-2022-22950", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22950 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:213408f4-71a8-5093-891c-1e3deccb6099", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c4db4604-dd9d-5660-a793-e9094d7b0912", "id": "CVE-2022-22968", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22968 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b9514899-c721-52aa-9841-c85567abe6f2", "id": "CVE-2022-22970", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22970 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:082d13dc-3a4e-518a-95bb-8c0aa5a6acd7", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e677e488-6e8b-51f7-bb40-66592b6068a0", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1f27ec46-23a6-54e0-99a7-f45cadad8a63", "id": "CVE-2023-20863", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20863 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:52f90117-1ee2-5a02-85e5-b7cb131b0bc1", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:246c9161-df3a-5e4a-8ea2-7d96188dea69", "id": "CVE-2024-22259", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22259 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c1dd1f46-cfc1-585a-bd34-8572080fad45", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2cd46881-7783-50db-8e13-1a5339cf8f38", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:50d46fd4-3370-505d-986a-a449da21fc58", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:572c2c3d-c7bf-552e-9657-9eb60c024d8d", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e3e823ea-e2eb-522d-a72d-8d0098fda3a0", "id": "CVE-2024-38820", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38820 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b2e95916-fab9-5114-8b1b-84b78a11e830", "id": "CVE-2024-38828", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38828 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f9d12c2f-c0b5-5d84-9759-7523189e6255", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:90dd0795-18a8-5f56-b3fa-7633e4297577", "id": "CVE-2025-41234", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41234 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:453f7ca4-04fa-551c-8893-999d387ad7c6", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e0515694-b627-5af2-adf9-54b6a6a7c864", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.13.RELEASE-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.13.RELEASE-tuxcare.1" } ] }