{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:6c51b104-2e35-574c-97f5-f208c2f7ec52", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-expression@5.2.13.RELEASE-tuxcare.2", "type": "library", "group": "org.springframework", "name": "spring-expression", "version": "5.2.13.RELEASE-tuxcare.2", "purl": "pkg:maven/org.springframework/spring-expression@5.2.13.RELEASE-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:03ae7d20-bda9-572d-b857-9a44702854cd", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0782b197-0658-5e4d-a635-e8fc15b7d0d5", "id": "CVE-2021-22060", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22060 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1ed5d1f2-747f-5a5c-afcb-5dc3f7f386df", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8f0b709c-44df-5f9d-9c98-809458745740", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4931f030-23f9-53ae-9c47-8cb08c670e6f", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3ad98d60-d955-5394-a04c-4641958939fe", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2a8ae474-ec03-5891-be80-4f5caeb6859d", "id": "CVE-2022-22968", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22968 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:69476ea4-74ba-580d-86ca-d47a12414adf", "id": "CVE-2022-22970", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22970 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f71367a0-c7e1-5778-bdd9-0ed2377add85", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6c3b3b35-9a15-5d26-80ff-30f4efbc305f", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6405d0cd-b467-56d1-b628-84109f7d5734", "id": "CVE-2023-20863", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20863 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:73489184-2ebc-547a-871a-f0fa29c38550", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d6b24536-40a2-5b06-836d-b0bd0b242e9c", "id": "CVE-2024-22259", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22259 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c3869f1e-919c-512f-8c0d-f8eb9c8fc66f", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ede1f48a-c69c-593c-9ab2-e6b7b30e1a91", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:24ab29cf-1100-5b58-9f83-438aebb6c8a2", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9b347087-681f-557f-bf1d-446d10692f39", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:73d1e36b-fb3f-5eb9-967a-571e92817cb4", "id": "CVE-2024-38820", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38820 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9665e201-3321-52e1-866a-54b381a40b03", "id": "CVE-2024-38828", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38828 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:85756bde-3a7f-5d73-b004-b7e0012e8a0a", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7e1ca85d-82c4-5603-9c36-321e59da0b9f", "id": "CVE-2025-41234", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41234 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c13a9cd4-6d3e-5aa1-bc11-4bd8444c316c", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7b3c6ef8-0be9-589a-bcd6-5cf0a56abb74", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.13.RELEASE-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.2.13.RELEASE-tuxcare.2" } ] }