{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3a323b42-f4c0-5176-966d-344b10b5e1c2", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-aspects@6.1.21-tuxcare.7", "type": "library", "group": "org.springframework", "name": "spring-aspects", "version": "6.1.21-tuxcare.7", "purl": "pkg:maven/org.springframework/spring-aspects@6.1.21-tuxcare.7" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:13c7fa10-5c77-54e1-be53-eff9b71ff282", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 6.1.21-tuxcare.7 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:28f6a494-4b84-575f-997f-b518b1e0f469", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 6.1.21-tuxcare.7 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:440d30ed-232d-5065-b15d-f72f25d0aef8", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 6.1.21-tuxcare.7 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:abb1eac8-9768-5f76-8dad-9af0f25e109a", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 6.1.21-tuxcare.7 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:836d8131-4742-5275-96cf-93e182c725d8", "id": "CVE-2026-22735", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22735 is fixed in version 6.1.21-tuxcare.7 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:88d24641-d09f-551f-994e-fd39a0ad25f5", "id": "CVE-2026-22737", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22737 is fixed in version 6.1.21-tuxcare.7 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:9fa85788-1d13-587a-b74e-55a59644f837", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 6.1.21-tuxcare.7 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:0b78a50b-2669-52fa-b950-c54901413523", "id": "CVE-2026-22741", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22741 is fixed in version 6.1.21-tuxcare.7 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:abd68e18-8dcd-5f90-9d6c-6e65ade7f0a7", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 6.1.21-tuxcare.7 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:c8bc1ce8-35ea-5c35-aa0a-93c3f3bfcd18", "id": "CVE-2026-41838", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41838 is fixed in version 6.1.21-tuxcare.7 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:49ed438b-3793-56d6-adf1-25ac1aaad6c3", "id": "CVE-2026-41839", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41839 is fixed in version 6.1.21-tuxcare.7 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:e9f03ec7-d601-51f7-9d7d-39e524fc12ce", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 6.1.21-tuxcare.7 of org.springframework:spring-aspects. already_fixed \u2014 The target repository (Spring Framework 6.1.21-tuxcare.6) already contains both upstream patches that address CVE-2026-41840. The fixes were previously applied as part of TuxCare backports for CVE-2026-22740 (commit d8aa04a97f, 2026-06-08) and memory leak fixes (commit e7c90921fd, 2026-04-29). Both doOnDiscard handlers are present in the current code, preventing resource exhaustion from multipa..." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:0e6e39fd-6148-5599-9d5c-ecdea1859b35", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 6.1.21-tuxcare.7 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:586e455e-ad68-5c5b-8c97-4cee1126cb21", "id": "CVE-2026-41842", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41842 is fixed in version 6.1.21-tuxcare.7 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:8415e788-3b7d-591c-a1c9-3c2b619a37d6", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 6.1.21-tuxcare.7 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:88c11ff6-e1d2-511e-a51c-dcd889ca847c", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 6.1.21-tuxcare.7 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:7b399f2a-28e2-50bc-8dda-cf8be96b353c", "id": "CVE-2026-41845", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41845 is fixed in version 6.1.21-tuxcare.7 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:dda63113-fbe3-50dc-80d3-ef64349e864f", "id": "CVE-2026-41846", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41846 is fixed in version 6.1.21-tuxcare.7 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:584b8159-b237-59c4-8fe9-bf0fcf5b609a", "id": "CVE-2026-41848", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41848 is fixed in version 6.1.21-tuxcare.7 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:6de3b73c-141c-56b3-a655-dbc99d4a17ac", "id": "CVE-2026-41850", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41850 is fixed in version 6.1.21-tuxcare.7 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:5c8783d4-f390-5eb2-801a-335726523ea3", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 6.1.21-tuxcare.7 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:6ae1add0-ad5c-580d-a9f1-3c595c96e489", "id": "CVE-2026-41852", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41852 is fixed in version 6.1.21-tuxcare.7 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:6be5e0c4-ce6a-5dda-a876-b97ef79460b6", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 6.1.21-tuxcare.7 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:4c5d1f11-75bd-5e8a-98b1-986443fc1d65", "id": "CVE-2026-41855", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41855 is fixed in version 6.1.21-tuxcare.7 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@6.1.21-tuxcare.7" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-aspects@6.1.21-tuxcare.7" } ] }