{
  "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
  "bomFormat": "CycloneDX",
  "specVersion": "1.6",
  "serialNumber": "urn:uuid:02000608-54a9-5edd-acd9-3f11a82b5420",
  "version": 1,
  "metadata": {
    "tools": [
      {
        "name": "tuxcare-vex-generator",
        "version": "1.0.0"
      }
    ]
  },
  "components": [
    {
      "bom-ref": "pkg:maven/org.springframework/spring-aop@6.1.20-tuxcare.5",
      "type": "library",
      "group": "org.springframework",
      "name": "spring-aop",
      "version": "6.1.20-tuxcare.5",
      "purl": "pkg:maven/org.springframework/spring-aop@6.1.20-tuxcare.5"
    }
  ],
  "vulnerabilities": [
    {
      "bom-ref": "urn:uuid:b75bf6d1-6402-5bc3-809c-52e840c1f190",
      "id": "CVE-2025-22233",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2025-22233 affects version 6.1.20-tuxcare.5 of org.springframework:spring-aop."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-aop@6.1.20-tuxcare.5"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:977f80fd-5bbe-57c3-876b-3ba8d8d12e51",
      "id": "CVE-2025-41234",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2025-41234 is fixed in version 6.1.20-tuxcare.5 of org.springframework:spring-aop."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-aop@6.1.20-tuxcare.5"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:b44b4c4e-f337-52ee-a281-bcb1e9b6da2c",
      "id": "CVE-2025-41242",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2025-41242 affects version 6.1.20-tuxcare.5 of org.springframework:spring-aop."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-aop@6.1.20-tuxcare.5"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:1b973eb4-91b1-5ba6-9913-31ac699a4518",
      "id": "CVE-2025-41249",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2025-41249 affects version 6.1.20-tuxcare.5 of org.springframework:spring-aop."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-aop@6.1.20-tuxcare.5"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:77f03d51-9bc5-5937-8cea-6e4287c5a857",
      "id": "CVE-2025-41254",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2025-41254 affects version 6.1.20-tuxcare.5 of org.springframework:spring-aop."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-aop@6.1.20-tuxcare.5"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:80320c40-2a84-5abd-a335-b4ff4ad44574",
      "id": "CVE-2026-22735",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2026-22735 is fixed in version 6.1.20-tuxcare.5 of org.springframework:spring-aop."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-aop@6.1.20-tuxcare.5"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:984380e8-ddac-58d1-b577-eb933a249442",
      "id": "CVE-2026-22737",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2026-22737 is fixed in version 6.1.20-tuxcare.5 of org.springframework:spring-aop."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-aop@6.1.20-tuxcare.5"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:892581fd-44cb-5c12-bd2e-005fceb059c4",
      "id": "CVE-2026-22740",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2026-22740 is fixed in version 6.1.20-tuxcare.5 of org.springframework:spring-aop."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-aop@6.1.20-tuxcare.5"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:bd112069-1a69-5516-802e-0f27748b8495",
      "id": "CVE-2026-22741",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2026-22741 is fixed in version 6.1.20-tuxcare.5 of org.springframework:spring-aop."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-aop@6.1.20-tuxcare.5"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:010f34ac-146a-5e41-a69f-b7efda689957",
      "id": "CVE-2026-22745",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2026-22745 is fixed in version 6.1.20-tuxcare.5 of org.springframework:spring-aop."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-aop@6.1.20-tuxcare.5"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:de82f777-3a3b-5fbf-913a-55de933597bc",
      "id": "CVE-2026-41838",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2026-41838 is fixed in version 6.1.20-tuxcare.5 of org.springframework:spring-aop."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-aop@6.1.20-tuxcare.5"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:37d028ef-8c35-5430-9214-c6d6d56f6256",
      "id": "CVE-2026-41839",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2026-41839 is fixed in version 6.1.20-tuxcare.5 of org.springframework:spring-aop."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-aop@6.1.20-tuxcare.5"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:55ec6ab9-df54-59ab-84ef-4c273f6e2b9e",
      "id": "CVE-2026-41840",
      "analysis": {
        "state": "not_affected",
        "detail": "Vulnerability CVE-2026-41840 does not affect version 6.1.20-tuxcare.5 of org.springframework:spring-aop. Reason: already_fixed \u2014 Spring Framework 6.1.20-tuxcare.4 already contains both doOnDiscard handlers that prevent the multipart memory leak vulnerability. The fixes were applied via TuxCare backport commit a6b78f2a1c on May 19, 2026 under CVE-2026-22740, which appears to be the same vulnerability as CVE-2026-41840 or one closely related to it."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-aop@6.1.20-tuxcare.5"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:0cd90e08-68f5-5429-87c9-eb7171c0e90f",
      "id": "CVE-2026-41841",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-41841 affects version 6.1.20-tuxcare.5 of org.springframework:spring-aop."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-aop@6.1.20-tuxcare.5"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:884b5cf2-402c-597b-8ca0-34f7044a5fec",
      "id": "CVE-2026-41842",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2026-41842 is fixed in version 6.1.20-tuxcare.5 of org.springframework:spring-aop."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-aop@6.1.20-tuxcare.5"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:1886daf1-53a6-5699-8e75-9969c9e2eab4",
      "id": "CVE-2026-41843",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-41843 affects version 6.1.20-tuxcare.5 of org.springframework:spring-aop."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-aop@6.1.20-tuxcare.5"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:4013e08a-e926-574e-a2f1-b1137d53ce93",
      "id": "CVE-2026-41844",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-41844 affects version 6.1.20-tuxcare.5 of org.springframework:spring-aop."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-aop@6.1.20-tuxcare.5"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:1bfd8597-8e6b-5eca-ac15-b0116ba8429c",
      "id": "CVE-2026-41845",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2026-41845 is fixed in version 6.1.20-tuxcare.5 of org.springframework:spring-aop."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-aop@6.1.20-tuxcare.5"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:0b9d5012-8008-52c5-b1ad-9d614008998a",
      "id": "CVE-2026-41846",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-41846 affects version 6.1.20-tuxcare.5 of org.springframework:spring-aop."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-aop@6.1.20-tuxcare.5"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:e98b60d2-953a-5487-9456-7b7026c3a415",
      "id": "CVE-2026-41848",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2026-41848 is fixed in version 6.1.20-tuxcare.5 of org.springframework:spring-aop."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-aop@6.1.20-tuxcare.5"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:667d0b77-721a-576d-9489-2e56f754d04f",
      "id": "CVE-2026-41850",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2026-41850 is fixed in version 6.1.20-tuxcare.5 of org.springframework:spring-aop."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-aop@6.1.20-tuxcare.5"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:395d0bfd-fb4c-5314-a635-5e906525758d",
      "id": "CVE-2026-41851",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-41851 affects version 6.1.20-tuxcare.5 of org.springframework:spring-aop."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-aop@6.1.20-tuxcare.5"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:81460619-9cd0-5ae0-b4d1-c41bc0e76704",
      "id": "CVE-2026-41852",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-41852 affects version 6.1.20-tuxcare.5 of org.springframework:spring-aop."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-aop@6.1.20-tuxcare.5"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:4eb4285f-a465-5fd7-bdcc-fed05a758b90",
      "id": "CVE-2026-41853",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-41853 affects version 6.1.20-tuxcare.5 of org.springframework:spring-aop."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-aop@6.1.20-tuxcare.5"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:5c540e05-09ac-59ae-af90-86729574b781",
      "id": "CVE-2026-41855",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-41855 affects version 6.1.20-tuxcare.5 of org.springframework:spring-aop."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.springframework/spring-aop@6.1.20-tuxcare.5"
        }
      ]
    }
  ],
  "dependencies": [
    {
      "ref": "pkg:maven/org.springframework/spring-aop@6.1.20-tuxcare.5"
    }
  ]
}