{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:4b0a51c8-aca8-5e29-929b-509a866c63f3", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-context-support@6.1.20-tuxcare.6", "type": "library", "group": "org.springframework", "name": "spring-context-support", "version": "6.1.20-tuxcare.6", "purl": "pkg:maven/org.springframework/spring-context-support@6.1.20-tuxcare.6" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:a1ef613e-0e50-5ac3-886d-950ae4012379", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 6.1.20-tuxcare.6 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:573c9be1-45c6-58f6-8d19-eb39973a1573", "id": "CVE-2025-41234", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41234 is fixed in version 6.1.20-tuxcare.6 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:b3210971-e4c6-512e-9cbc-5842440a90e0", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 6.1.20-tuxcare.6 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:c8436914-e486-51f6-8dff-0b8a3c43655a", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 6.1.20-tuxcare.6 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:96619690-e1db-585f-8ab4-0cc36e2befc5", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 6.1.20-tuxcare.6 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:374b5737-4f75-5c1c-a289-3dd7cc937081", "id": "CVE-2026-22735", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22735 is fixed in version 6.1.20-tuxcare.6 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:c51b2e95-c217-5756-b91b-f7225d9ff5c8", "id": "CVE-2026-22737", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22737 is fixed in version 6.1.20-tuxcare.6 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:5b43640b-f199-52c8-88c6-3d410aba7ad6", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 6.1.20-tuxcare.6 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:e029b39a-23c2-5e78-aee0-153010bbd0bd", "id": "CVE-2026-22741", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22741 is fixed in version 6.1.20-tuxcare.6 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:c90d7fc1-5dbe-5da8-b601-fa279db89dac", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 6.1.20-tuxcare.6 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:e45213a7-963b-5930-8fd3-817043d1fa35", "id": "CVE-2026-41838", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41838 is fixed in version 6.1.20-tuxcare.6 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:20ab171e-7edf-52f3-b046-7f42810b0cad", "id": "CVE-2026-41839", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41839 is fixed in version 6.1.20-tuxcare.6 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:3193fa9e-40d3-5d07-8826-f52c94d671ce", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 6.1.20-tuxcare.6 of org.springframework:spring-context-support. already_fixed \u2014 Spring Framework 6.1.20-tuxcare.4 already contains both doOnDiscard handlers that prevent the multipart memory leak vulnerability. The fixes were applied via TuxCare backport commit a6b78f2a1c on May 19, 2026 under CVE-2026-22740, which appears to be the same or closely related vulnerability as CVE-2026-41840." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:d8d24b51-f802-51e3-886b-7c0a9e1700e9", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 6.1.20-tuxcare.6 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:7b40688e-420f-5dd1-a664-4a8ab0131f0b", "id": "CVE-2026-41842", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41842 is fixed in version 6.1.20-tuxcare.6 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:39eb5e6d-e910-5cc4-a1be-2ba2551bf011", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 6.1.20-tuxcare.6 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:7959fd1c-a1eb-5d30-be02-721d4f603631", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 6.1.20-tuxcare.6 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:c244f38f-8d2f-5f9d-93ab-5b8e6f78e95b", "id": "CVE-2026-41845", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41845 is fixed in version 6.1.20-tuxcare.6 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:bf7e6d8b-0d6c-581e-9912-6de0c479d83a", "id": "CVE-2026-41846", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41846 is fixed in version 6.1.20-tuxcare.6 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:37b82576-a2a5-58c3-9288-773c34f3b421", "id": "CVE-2026-41848", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41848 is fixed in version 6.1.20-tuxcare.6 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:ee3dc484-a46d-55a4-a05b-237c2bd7a3c6", "id": "CVE-2026-41850", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41850 is fixed in version 6.1.20-tuxcare.6 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:55718881-93cd-5d4e-8ed3-766b78635c87", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 6.1.20-tuxcare.6 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:7061ef79-c184-5177-b63e-9dde9649f5ef", "id": "CVE-2026-41852", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41852 is fixed in version 6.1.20-tuxcare.6 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:1d653843-7294-5c52-a123-01c0b220fd67", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 6.1.20-tuxcare.6 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:c5e2bcd9-6c83-50a6-9aad-6e9eb30bcbff", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 6.1.20-tuxcare.6 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.20-tuxcare.6" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.20-tuxcare.6" } ] }