{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:d747ad99-b7a0-5d86-8414-27811855fb07", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-expression@5.3.37-tuxcare.2", "type": "library", "group": "org.springframework", "name": "spring-expression", "version": "5.3.37-tuxcare.2", "purl": "pkg:maven/org.springframework/spring-expression@5.3.37-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:c7cfb8bb-28fd-54cd-8550-f11124019cd4", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.37-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.37-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:cf6df3d1-6b90-5186-80c2-9cd2f3db64db", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 5.3.37-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.37-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4359007a-f8ff-5408-ae67-01eca44a7ae9", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.37-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.37-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:52be7314-ca1c-533f-8cb8-11ee63ef9b5d", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.37-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.37-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:eebc8601-03b8-5704-896f-be15c70ae6d7", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.3.37-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.37-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:95692eba-df8f-5bfc-89bf-533dfc524b0c", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.37-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.37-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:98aee43e-0a10-59d9-9a5e-0c587381e2cc", "id": "CVE-2024-38828", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38828 affects version 5.3.37-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.37-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8ecaa17d-04e8-5cc2-88b8-e52e8228adc1", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 5.3.37-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.37-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2a2f39df-9fd4-582c-8d70-d3dfb8203ef3", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 5.3.37-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.37-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:09cc0f17-d837-5a4c-abe5-82e248a29de7", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.37-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.37-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6493788d-10be-566f-bfcc-d1ac3f599c14", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 5.3.37-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.37-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0f5eadaf-d49d-5bad-8bfd-9c10b9cdb939", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.37-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.37-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ebf8cf2d-1e45-5908-8b5a-7e069c9b7ef9", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.37-tuxcare.2 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.37-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.37-tuxcare.2" } ] }