{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:1e6ecf27-20a2-5fe7-9af9-cd9a142c5e1c", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-context-support@6.1.21-tuxcare.7", "type": "library", "group": "org.springframework", "name": "spring-context-support", "version": "6.1.21-tuxcare.7", "purl": "pkg:maven/org.springframework/spring-context-support@6.1.21-tuxcare.7" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:66fd2459-6201-5697-a7e7-6212c72f3e89", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 6.1.21-tuxcare.7 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:65337b29-7877-56b8-b005-bd1328fc99cd", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 6.1.21-tuxcare.7 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:93308016-fe54-5819-9113-187638cd2f4a", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 6.1.21-tuxcare.7 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:1f8cba1f-46f3-506a-bd82-f5a00ef1d2cc", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 6.1.21-tuxcare.7 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:4bda65d7-3ad0-5fef-aa07-12c39f3351c2", "id": "CVE-2026-22735", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22735 is fixed in version 6.1.21-tuxcare.7 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:f8ccb63a-d2a9-5bd4-a7af-dae5d57a47aa", "id": "CVE-2026-22737", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22737 is fixed in version 6.1.21-tuxcare.7 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:0944c52c-c8fb-57e1-888d-894dcb17c5ab", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 6.1.21-tuxcare.7 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:3786dc18-d3c9-5fd2-a575-364a4c49dcfd", "id": "CVE-2026-22741", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22741 is fixed in version 6.1.21-tuxcare.7 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:ee506806-43f7-50a5-99cb-00434f2aba50", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 6.1.21-tuxcare.7 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:7d736990-fca6-5fc6-83d0-7e6c953e81c3", "id": "CVE-2026-41838", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41838 is fixed in version 6.1.21-tuxcare.7 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:8a2feafe-50c7-5405-a5f1-224156e656f0", "id": "CVE-2026-41839", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41839 is fixed in version 6.1.21-tuxcare.7 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:c9f7a918-8578-57f9-bdb9-6b1a8b51ccc3", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 6.1.21-tuxcare.7 of org.springframework:spring-context-support. already_fixed \u2014 The target repository (Spring Framework 6.1.21-tuxcare.6) already contains both upstream patches that address CVE-2026-41840. The fixes were previously applied as part of TuxCare backports for CVE-2026-22740 (commit d8aa04a97f, 2026-06-08) and memory leak fixes (commit e7c90921fd, 2026-04-29). Both doOnDiscard handlers are present in the current code, preventing resource exhaustion from multipa..." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:aebc75b0-3339-561e-9fa0-386fa8fd2733", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 6.1.21-tuxcare.7 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:eb5217d4-7e1f-5c07-906a-ae8a03619934", "id": "CVE-2026-41842", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41842 is fixed in version 6.1.21-tuxcare.7 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:9c0c2241-d7f8-5fa4-856f-0e8ce214da2e", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 6.1.21-tuxcare.7 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:9cd93dfd-89ec-56ee-ad0d-40b48748df2a", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 6.1.21-tuxcare.7 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:62ef3ff9-bae8-50ba-9a0c-e5662e4114ea", "id": "CVE-2026-41845", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41845 is fixed in version 6.1.21-tuxcare.7 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:df00d78f-44f8-5242-97ed-0018cdd8a8ad", "id": "CVE-2026-41846", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41846 is fixed in version 6.1.21-tuxcare.7 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:98adb4a7-65b2-55e3-8580-65f3328dc571", "id": "CVE-2026-41848", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41848 is fixed in version 6.1.21-tuxcare.7 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:85818c8b-98f4-56af-b429-6254b992048a", "id": "CVE-2026-41850", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41850 is fixed in version 6.1.21-tuxcare.7 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:5dee9f8f-95c3-562b-af0b-4a7aee76a6c0", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 6.1.21-tuxcare.7 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:c16987a0-36e4-564d-9985-007f6365a2be", "id": "CVE-2026-41852", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41852 is fixed in version 6.1.21-tuxcare.7 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:0729c814-50a3-516c-a3bd-dadd690a56c3", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 6.1.21-tuxcare.7 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:38ce279c-09d2-5629-8206-9f9f22a51e7a", "id": "CVE-2026-41855", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41855 is fixed in version 6.1.21-tuxcare.7 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.21-tuxcare.7" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.21-tuxcare.7" } ] }