{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:23350ce5-69d9-5aae-a56d-6837a874f76d", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-aspects@6.1.20-tuxcare.5", "type": "library", "group": "org.springframework", "name": "spring-aspects", "version": "6.1.20-tuxcare.5", "purl": "pkg:maven/org.springframework/spring-aspects@6.1.20-tuxcare.5" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:bd7039d3-cdcf-54cd-9337-85869fbfcdfa", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 6.1.20-tuxcare.5 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:a6e12afa-8f11-56c5-bf58-b870ab49417a", "id": "CVE-2025-41234", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41234 is fixed in version 6.1.20-tuxcare.5 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:667e817d-048f-57da-9baf-089d43d17dcf", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 6.1.20-tuxcare.5 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:726a9544-8a2f-5844-a199-bc45883aac7a", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 6.1.20-tuxcare.5 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:4d430901-d6df-5ee3-915a-cd7176da9237", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 6.1.20-tuxcare.5 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:3e1e1644-4b6f-5b38-b7f4-6bef2ea7a43c", "id": "CVE-2026-22735", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22735 is fixed in version 6.1.20-tuxcare.5 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:220e3d61-b875-597f-80c3-1de18947010d", "id": "CVE-2026-22737", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22737 is fixed in version 6.1.20-tuxcare.5 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:d9641d4a-136f-51fa-8690-bec037bc3851", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 6.1.20-tuxcare.5 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:0808c9d1-2803-5d12-bd58-140c0a937083", "id": "CVE-2026-22741", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22741 is fixed in version 6.1.20-tuxcare.5 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:488dee5b-a030-5037-b850-d03121ce3ac4", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 6.1.20-tuxcare.5 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:40bbc26e-6183-5d96-843c-20c0a92a9f2d", "id": "CVE-2026-41838", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41838 is fixed in version 6.1.20-tuxcare.5 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:464bd46d-9c76-5155-958d-26fc60b44a07", "id": "CVE-2026-41839", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41839 is fixed in version 6.1.20-tuxcare.5 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:94e40d10-107d-5b15-ae2a-c9a8e8d0895d", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 6.1.20-tuxcare.5 of org.springframework:spring-aspects. already_fixed \u2014 Spring Framework 6.1.20-tuxcare.4 already contains both doOnDiscard handlers that prevent the multipart memory leak vulnerability. The fixes were applied via TuxCare backport commit a6b78f2a1c on May 19, 2026 under CVE-2026-22740, which appears to be the same or closely related vulnerability as CVE-2026-41840." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:29011812-5ab6-51b7-9890-e84faa13ccd6", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 6.1.20-tuxcare.5 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:9ee36ddf-6082-5fbb-a4b2-fbd2126d3a5a", "id": "CVE-2026-41842", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41842 is fixed in version 6.1.20-tuxcare.5 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:a33f3c4f-8ec1-550c-a61a-fc5318d8eee9", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 6.1.20-tuxcare.5 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:bfff61ae-0f78-5d09-9681-85fa683deecc", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 6.1.20-tuxcare.5 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:471a0590-df20-5015-ad45-71a286db6626", "id": "CVE-2026-41845", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41845 is fixed in version 6.1.20-tuxcare.5 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:1ac98c60-40a2-5b55-9c82-efc72e63cff6", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 6.1.20-tuxcare.5 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:3f297dec-2824-5246-8ba1-0b3d7ba584c1", "id": "CVE-2026-41848", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41848 is fixed in version 6.1.20-tuxcare.5 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:e28a7d7a-602e-5d34-8dbe-9b61260a1a28", "id": "CVE-2026-41850", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41850 is fixed in version 6.1.20-tuxcare.5 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:80b6fd00-5d62-5b10-9921-d4ff3e238552", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 6.1.20-tuxcare.5 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:f148ca87-6106-5912-9052-729bb057e179", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 6.1.20-tuxcare.5 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:d993ccb5-a1b9-5947-9498-cbf6f6fc224a", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 6.1.20-tuxcare.5 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:0f99f564-118f-5e22-9aff-cc5fbf087620", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 6.1.20-tuxcare.5 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@6.1.20-tuxcare.5" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-aspects@6.1.20-tuxcare.5" } ] }