{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:e9df2522-2610-5395-8440-8b42cfe50276", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-expression@6.0.16-tuxcare.1", "type": "library", "group": "org.springframework", "name": "spring-expression", "version": "6.0.16-tuxcare.1", "purl": "pkg:maven/org.springframework/spring-expression@6.0.16-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:8e4292b0-c0e6-5b4e-a19e-9552f53a2e52", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 6.0.16-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@6.0.16-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fe51ffc7-0b24-50e7-9540-5f5ec0c1087b", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 6.0.16-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@6.0.16-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7987aea4-f13d-5ae8-a07d-a1e8f7492cac", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 6.0.16-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@6.0.16-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a872e12a-57a7-529d-915a-8ccecf195138", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 6.0.16-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@6.0.16-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:68a76b5b-0910-542e-a242-97e28453e31d", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 6.0.16-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@6.0.16-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d2f9c73c-f334-5a63-9d6e-4b7f0f845046", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 6.0.16-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@6.0.16-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e49934c7-7a73-5098-b3c3-be84d2a44f94", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 6.0.16-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@6.0.16-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fc4ccc30-e424-5239-bb47-7aead42c8201", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 6.0.16-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@6.0.16-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b3b07e44-0648-597f-8cb6-b0edbead79b8", "id": "CVE-2025-41234", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41234 is fixed in version 6.0.16-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@6.0.16-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4f8b74e4-dae2-5902-9ee0-478d95d73dcd", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 6.0.16-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@6.0.16-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:539788ec-fc6c-5027-9ea4-afa88b0c1f08", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 6.0.16-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@6.0.16-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b363fad9-f26c-532b-888c-ba4499317019", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 6.0.16-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@6.0.16-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:cc1aab21-cbc7-5932-8ee5-edcc092d17f3", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 6.0.16-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@6.0.16-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2d864269-55e4-5dd3-965c-e6049f790610", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 6.0.16-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@6.0.16-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-expression@6.0.16-tuxcare.1" } ] }