{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:94b491af-c424-5dc2-b17b-0e6d2d45818e", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-aop@6.1.20-tuxcare.6", "type": "library", "group": "org.springframework", "name": "spring-aop", "version": "6.1.20-tuxcare.6", "purl": "pkg:maven/org.springframework/spring-aop@6.1.20-tuxcare.6" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:02d2de72-df62-5f9c-83d4-c3c62f8946f3", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 6.1.20-tuxcare.6 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:e2fbc083-e6e0-55c8-bfa9-e1d6dae01441", "id": "CVE-2025-41234", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41234 is fixed in version 6.1.20-tuxcare.6 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:895fb3ae-dedf-5903-bc43-1e6d6514f6db", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 6.1.20-tuxcare.6 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:9cd055de-8c0a-5f56-848f-a7ddc378df52", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 6.1.20-tuxcare.6 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:3fcefd44-8c74-50e6-9efa-3ea837a8a0a5", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 6.1.20-tuxcare.6 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:25950f9f-68fa-5d1c-a2aa-9036f4fabced", "id": "CVE-2026-22735", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22735 is fixed in version 6.1.20-tuxcare.6 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:d55bd5ea-30b3-557b-8af9-a1e165b905f7", "id": "CVE-2026-22737", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22737 is fixed in version 6.1.20-tuxcare.6 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:1cb456be-71ac-583b-8718-855be46c0d1e", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 6.1.20-tuxcare.6 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:c6087e7a-49ed-53ae-97ec-83583295b49f", "id": "CVE-2026-22741", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22741 is fixed in version 6.1.20-tuxcare.6 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:41d26ec4-ff73-5b62-9224-3a01620ec7c3", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 6.1.20-tuxcare.6 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:2e9f77bf-d480-5314-9c02-5d9c64acd659", "id": "CVE-2026-41838", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41838 is fixed in version 6.1.20-tuxcare.6 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:1baaa248-68aa-5c68-b5af-48b1887770d8", "id": "CVE-2026-41839", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41839 is fixed in version 6.1.20-tuxcare.6 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:b7c4048b-39ae-5131-83fc-4f304707c208", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 6.1.20-tuxcare.6 of org.springframework:spring-aop. already_fixed \u2014 Spring Framework 6.1.20-tuxcare.4 already contains both doOnDiscard handlers that prevent the multipart memory leak vulnerability. The fixes were applied via TuxCare backport commit a6b78f2a1c on May 19, 2026 under CVE-2026-22740, which appears to be the same or closely related vulnerability as CVE-2026-41840." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:7e534812-50f6-5838-a813-94d83cb7d8d8", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 6.1.20-tuxcare.6 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:dd7030ca-2f43-5b5d-bc5c-9acf352df7ae", "id": "CVE-2026-41842", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41842 is fixed in version 6.1.20-tuxcare.6 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:4580265e-a788-5441-9da7-018a479d56ac", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 6.1.20-tuxcare.6 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:e5c0fd51-c771-5f89-82e8-d7b5bb3f65ad", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 6.1.20-tuxcare.6 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:3dfe41f2-96f2-5cce-a99f-8a4aec2af72f", "id": "CVE-2026-41845", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41845 is fixed in version 6.1.20-tuxcare.6 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:78954ed7-1325-5eb8-95dc-4d8382800669", "id": "CVE-2026-41846", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41846 is fixed in version 6.1.20-tuxcare.6 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:c8264445-47ce-5747-91d6-e296ec1aacf8", "id": "CVE-2026-41848", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41848 is fixed in version 6.1.20-tuxcare.6 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:36cfa2e2-43c1-5dfa-b6ce-ddffcae404d7", "id": "CVE-2026-41850", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41850 is fixed in version 6.1.20-tuxcare.6 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:0d5a3149-9bd0-56c5-875b-df664a27c52b", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 6.1.20-tuxcare.6 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:0e89fb92-173b-5357-8d62-ee78a826d4ee", "id": "CVE-2026-41852", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41852 is fixed in version 6.1.20-tuxcare.6 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:ba1c0847-35f8-5c46-9cb9-ea4d311b5fe8", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 6.1.20-tuxcare.6 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:aee267d3-1ec8-5179-8e23-e02a830bf4e8", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 6.1.20-tuxcare.6 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@6.1.20-tuxcare.6" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-aop@6.1.20-tuxcare.6" } ] }