{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:566a88ca-d6db-55cf-bd9b-822e74d561f8", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-expression@6.0.23-tuxcare.1", "type": "library", "group": "org.springframework", "name": "spring-expression", "version": "6.0.23-tuxcare.1", "purl": "pkg:maven/org.springframework/spring-expression@6.0.23-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:ddaef103-61bd-5aa6-bdee-d06915c04244", "id": "CVE-2024-38816", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38816 affects version 6.0.23-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@6.0.23-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2620f508-6235-5ce3-ab06-f9a8698f181f", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 6.0.23-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@6.0.23-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:12577a28-d7e2-54f9-80e5-5c17a3dfab95", "id": "CVE-2024-38820", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38820 affects version 6.0.23-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@6.0.23-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:991812de-b385-5bcb-881d-0ed48a6a7333", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 6.0.23-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@6.0.23-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:82349751-7fa2-5cfe-b1f2-bab2e6a542d3", "id": "CVE-2025-41234", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41234 is fixed in version 6.0.23-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@6.0.23-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:70d89821-be60-5e25-a10a-e1b17065ee50", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 6.0.23-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@6.0.23-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c4ba4c36-5a62-5c9c-b319-2a747b2c58af", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 6.0.23-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@6.0.23-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fd34ae34-e066-5aba-9948-bbc8ba432bb7", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 6.0.23-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@6.0.23-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:559ac993-a5d4-5988-8703-65404bf5c91e", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 6.0.23-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@6.0.23-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6c85034f-ede0-5c79-b996-33b481bd11d1", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 6.0.23-tuxcare.1 of org.springframework:spring-expression." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-expression@6.0.23-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-expression@6.0.23-tuxcare.1" } ] }