{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:f92bb04c-feae-5eee-8c48-a923acb3af92", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-expression@5.3.37-tuxcare.3", "type": "library", "group": "org.springframework", "name": "spring-expression", "version": "5.3.37-tuxcare.3", "purl": "pkg:maven/org.springframework/spring-expression@5.3.37-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:cc38e2f2-c5f1-5493-b039-28a2ea866c30", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.37-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.37-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5369b190-93c7-5810-a08b-e1f9d7313c98", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.37-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.37-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f0f8e8bb-dc7e-5c4b-a123-97fbf0e58229", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.37-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.37-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b74dba29-ab90-52f7-ac4e-02e8b6b79a7d", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.37-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.37-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:729f6951-03d1-555d-bedf-d34b20e43d98", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.3.37-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.37-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3254315c-117b-57b5-94d1-68274ea9b229", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.37-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.37-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8bf80307-beee-5682-9342-5b34e2f43285", "id": "CVE-2024-38828", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38828 affects version 5.3.37-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.37-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3014094a-5041-5e37-bddd-894fc4114cf3", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 5.3.37-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.37-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:7e7e2484-c8c0-5e41-bd3c-19a1f5c473f5", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 5.3.37-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.37-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:42740c51-bd4d-51bc-916e-9fd29a6ca36e", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.37-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.37-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e9cf6bd3-6540-59e6-a80f-a209aa0ad3dc", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 5.3.37-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.37-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:30d9db25-0247-59f3-8898-9f14173a414e", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.37-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.37-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:64c88474-77c2-5ddd-8f06-5652fc595d27", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.37-tuxcare.3 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.37-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-expression@5.3.37-tuxcare.3" } ] }