{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:7a0ae2ec-4581-5730-989a-1c08c9363e6c", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-beans@6.1.20-tuxcare.5", "type": "library", "group": "org.springframework", "name": "spring-beans", "version": "6.1.20-tuxcare.5", "purl": "pkg:maven/org.springframework/spring-beans@6.1.20-tuxcare.5" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:240a139a-ed44-5286-ac8a-637a54ed284c", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 6.1.20-tuxcare.5 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:539f8c2c-bc07-5aae-9095-059c8aa3f0f7", "id": "CVE-2025-41234", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41234 is fixed in version 6.1.20-tuxcare.5 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:5808b17b-251c-547c-971f-fcf45caba1d0", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 6.1.20-tuxcare.5 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:1f44dffd-a65d-5d0c-a168-78dfd6070cef", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 6.1.20-tuxcare.5 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:c3bba254-d5a2-5f20-bbeb-643b573c06a8", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 6.1.20-tuxcare.5 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:001cca29-4147-5de1-bf4e-688314f9d40f", "id": "CVE-2026-22735", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22735 is fixed in version 6.1.20-tuxcare.5 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:7167991a-e2ba-56b7-a9b7-81843d6a282a", "id": "CVE-2026-22737", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22737 is fixed in version 6.1.20-tuxcare.5 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:c24d60eb-2d82-53f8-88ad-e84be4981153", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 6.1.20-tuxcare.5 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:dc84bf10-c6c6-5b44-b213-3828516d1946", "id": "CVE-2026-22741", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22741 is fixed in version 6.1.20-tuxcare.5 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:b4d8a3e1-defa-5947-bf5c-352a574cacf0", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 6.1.20-tuxcare.5 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:778a3f43-50b3-55a3-9aa7-197f8a52a36d", "id": "CVE-2026-41838", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41838 is fixed in version 6.1.20-tuxcare.5 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:c1d160dc-403d-516e-b8a1-8b4c4390d72b", "id": "CVE-2026-41839", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41839 is fixed in version 6.1.20-tuxcare.5 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:1d7ff4ed-b962-58cc-ad0a-fb1254eee05c", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 6.1.20-tuxcare.5 of org.springframework:spring-beans. already_fixed \u2014 Spring Framework 6.1.20-tuxcare.4 already contains both doOnDiscard handlers that prevent the multipart memory leak vulnerability. The fixes were applied via TuxCare backport commit a6b78f2a1c on May 19, 2026 under CVE-2026-22740, which appears to be the same or closely related vulnerability as CVE-2026-41840." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:9ffed503-7523-5837-824d-022913725c96", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 6.1.20-tuxcare.5 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:8ab2d264-53a4-59d5-8151-f2a15431b665", "id": "CVE-2026-41842", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41842 is fixed in version 6.1.20-tuxcare.5 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:25cb11ac-90ef-5cb8-8c3d-a0ec127140c8", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 6.1.20-tuxcare.5 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:60d3fdf8-ae3a-5685-9257-a63cd280f00d", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 6.1.20-tuxcare.5 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:c82b7b0a-5939-5931-8fe8-a0c8ba6312b5", "id": "CVE-2026-41845", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41845 is fixed in version 6.1.20-tuxcare.5 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:be0ee979-f5da-5758-a264-b6ba35cf3eee", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 6.1.20-tuxcare.5 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:5ec17e99-8af6-530a-a1bc-626fed274184", "id": "CVE-2026-41848", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41848 is fixed in version 6.1.20-tuxcare.5 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:dd13cbe4-33fe-56c6-9852-b8a68bb5e20d", "id": "CVE-2026-41850", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41850 is fixed in version 6.1.20-tuxcare.5 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:8fc08a79-f5eb-5280-a434-07fadff605c3", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 6.1.20-tuxcare.5 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:6a179e2f-65d7-5e4f-97ed-d2379017dc81", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 6.1.20-tuxcare.5 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:77d0e83c-dbc2-5687-a83c-39b23ad790b8", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 6.1.20-tuxcare.5 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:1d3948b3-9054-5be9-8ea4-f2428a9e5cab", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 6.1.20-tuxcare.5 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@6.1.20-tuxcare.5" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-beans@6.1.20-tuxcare.5" } ] }