{
  "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
  "bomFormat": "CycloneDX",
  "specVersion": "1.6",
  "serialNumber": "urn:uuid:f84c5149-b870-515c-822e-078630ccedab",
  "version": 1,
  "metadata": {
    "tools": [
      {
        "name": "tuxcare-vex-generator",
        "version": "1.0.0"
      }
    ]
  },
  "components": [
    {
      "bom-ref": "pkg:maven/org.springframework/spring-expression@5.3.39-tuxcare.8",
      "type": "library",
      "group": "org.springframework",
      "name": "spring-expression",
      "version": "5.3.39-tuxcare.8",
      "purl": "pkg:maven/org.springframework/spring-expression@5.3.39-tuxcare.8"
    }
  ],
  "vulnerabilities": [
    {
      "bom-ref": "urn:uuid:ae0deec0-4712-5a1b-be50-fc7d10a5dc44",
      "id": "CVE-2016-1000027",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.39-tuxcare.8 of org.springframework:spring-expression."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-expression@5.3.39-tuxcare.8"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:cb9c370a-7402-5de3-8b1e-da07b4ebd3a7",
      "id": "CVE-2024-38816",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.39-tuxcare.8 of org.springframework:spring-expression."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-expression@5.3.39-tuxcare.8"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:da1da3de-3496-5d40-8d73-ebe98656091b",
      "id": "CVE-2024-38819",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.39-tuxcare.8 of org.springframework:spring-expression."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-expression@5.3.39-tuxcare.8"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:b7af0fc9-298f-5f0a-9f4b-1afbf24af69a",
      "id": "CVE-2024-38820",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.39-tuxcare.8 of org.springframework:spring-expression."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-expression@5.3.39-tuxcare.8"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:5c8e7a1f-226f-5a87-8fc2-c62ed34e9755",
      "id": "CVE-2024-38828",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.39-tuxcare.8 of org.springframework:spring-expression."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-expression@5.3.39-tuxcare.8"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:a91154ab-0566-5fef-b7b5-7c64d2584202",
      "id": "CVE-2025-22233",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.39-tuxcare.8 of org.springframework:spring-expression."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-expression@5.3.39-tuxcare.8"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:d6b1d14e-0ecb-5e46-95bf-e776c4a307ed",
      "id": "CVE-2025-41234",
      "analysis": {
        "state": "false_positive",
        "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-expression 5.3.39-tuxcare.8."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-expression@5.3.39-tuxcare.8"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:170b68c6-81e4-5ae1-b597-1b4d9415ffb9",
      "id": "CVE-2025-41242",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.39-tuxcare.8 of org.springframework:spring-expression."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-expression@5.3.39-tuxcare.8"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:714cd756-a39f-51ee-8e53-6c7259663ba1",
      "id": "CVE-2025-41249",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.39-tuxcare.8 of org.springframework:spring-expression."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-expression@5.3.39-tuxcare.8"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:7e9e512f-4ba2-5272-8091-afa0b94a7a5b",
      "id": "CVE-2025-41254",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2025-41254 affects version 5.3.39-tuxcare.8 of org.springframework:spring-expression."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-expression@5.3.39-tuxcare.8"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:86b370b3-60f9-5b2e-818f-b7ab97b93294",
      "id": "CVE-2026-22735",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-22735 affects version 5.3.39-tuxcare.8 of org.springframework:spring-expression."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-expression@5.3.39-tuxcare.8"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:26b06bdf-2f50-5da8-8440-45136da440e4",
      "id": "CVE-2026-22737",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-22737 affects version 5.3.39-tuxcare.8 of org.springframework:spring-expression."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-expression@5.3.39-tuxcare.8"
        }
      ]
    }
  ],
  "dependencies": [
    {
      "ref": "pkg:maven/org.springframework/spring-expression@5.3.39-tuxcare.8"
    }
  ]
}