{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:9acca3ae-80dd-5454-bb07-eb3f097c2a38", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-context-indexer@6.1.20-tuxcare.6", "type": "library", "group": "org.springframework", "name": "spring-context-indexer", "version": "6.1.20-tuxcare.6", "purl": "pkg:maven/org.springframework/spring-context-indexer@6.1.20-tuxcare.6" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:12d49525-d353-5ec7-a9e4-8560609f26e0", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 6.1.20-tuxcare.6 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:f68b6c79-7000-5222-a8da-313d2018bbc0", "id": "CVE-2025-41234", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41234 is fixed in version 6.1.20-tuxcare.6 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:97e4bd49-bab6-5168-b2e8-5694a32cd1f9", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 6.1.20-tuxcare.6 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:5705b538-d47f-5328-adf1-756ed9a1f37e", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 6.1.20-tuxcare.6 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:cb24acd4-38dc-5b11-a960-7bdc193648ee", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 6.1.20-tuxcare.6 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:7b2da631-a492-5f1c-bf18-e2451001277a", "id": "CVE-2026-22735", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22735 is fixed in version 6.1.20-tuxcare.6 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:c17c5ae5-b924-5faf-b5f1-ac4f06d27170", "id": "CVE-2026-22737", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22737 is fixed in version 6.1.20-tuxcare.6 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:f5f93348-688e-596d-b8bb-ca5c4fcc574d", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 6.1.20-tuxcare.6 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:0a50be94-436b-5d81-9a66-2a1b4dd66754", "id": "CVE-2026-22741", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22741 is fixed in version 6.1.20-tuxcare.6 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:89482bb5-9555-5a78-a15b-92ee8bfd2e25", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 6.1.20-tuxcare.6 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:23f67c76-a977-51c6-8441-ae11361f1a5c", "id": "CVE-2026-41838", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41838 is fixed in version 6.1.20-tuxcare.6 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:bf5e4e36-2dcf-573c-9589-d44e7f68ae73", "id": "CVE-2026-41839", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41839 is fixed in version 6.1.20-tuxcare.6 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:ab5511c2-a11c-5577-8ac2-3ec425bd0721", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 6.1.20-tuxcare.6 of org.springframework:spring-context-indexer. already_fixed \u2014 Spring Framework 6.1.20-tuxcare.4 already contains both doOnDiscard handlers that prevent the multipart memory leak vulnerability. The fixes were applied via TuxCare backport commit a6b78f2a1c on May 19, 2026 under CVE-2026-22740, which appears to be the same or closely related vulnerability as CVE-2026-41840." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:d2c8a0b9-8987-5492-82f8-c6aa6d25b46a", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 6.1.20-tuxcare.6 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:0276770a-a332-53df-925c-9877e592546b", "id": "CVE-2026-41842", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41842 is fixed in version 6.1.20-tuxcare.6 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:baa0df07-5901-520f-b383-a765be0fe98a", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 6.1.20-tuxcare.6 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:fdb6a279-12f4-5bc6-908b-26ba6d1c5781", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 6.1.20-tuxcare.6 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:d0b4e74c-6180-52a7-9ed3-6096ddc5cfed", "id": "CVE-2026-41845", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41845 is fixed in version 6.1.20-tuxcare.6 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:40ac516f-e4df-52d2-85f2-c59fa360c53e", "id": "CVE-2026-41846", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41846 is fixed in version 6.1.20-tuxcare.6 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:9fea5cc6-01d1-541d-b61c-b4cb62d4115c", "id": "CVE-2026-41848", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41848 is fixed in version 6.1.20-tuxcare.6 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:417696a5-cf84-5f13-b1de-d877ca3793e0", "id": "CVE-2026-41850", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41850 is fixed in version 6.1.20-tuxcare.6 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:9e9adbac-a970-5109-9f1c-eb5226f507ba", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 6.1.20-tuxcare.6 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:2b6e232b-43d5-5066-8531-4855bcd3fa29", "id": "CVE-2026-41852", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41852 is fixed in version 6.1.20-tuxcare.6 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:5c238e94-962f-5750-8077-816664978297", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 6.1.20-tuxcare.6 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:750d4a40-5591-5c3e-b2ef-f98e40c0a685", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 6.1.20-tuxcare.6 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@6.1.20-tuxcare.6" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@6.1.20-tuxcare.6" } ] }