{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:aa0c3676-17aa-5a95-80f9-9df127427974", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-context@6.1.20-tuxcare.5", "type": "library", "group": "org.springframework", "name": "spring-context", "version": "6.1.20-tuxcare.5", "purl": "pkg:maven/org.springframework/spring-context@6.1.20-tuxcare.5" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:ec59d26e-274f-5667-a083-68310464de19", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 6.1.20-tuxcare.5 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:1eea9220-1a12-57d6-a206-7f911030f52f", "id": "CVE-2025-41234", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41234 is fixed in version 6.1.20-tuxcare.5 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:cd869058-3c14-50b3-8708-b236769ec555", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 6.1.20-tuxcare.5 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:cbe696ac-9153-5c73-8a6d-2f540b86d5d7", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 6.1.20-tuxcare.5 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:61a6ec78-20b0-5cfb-a1ad-83cdac793be7", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 6.1.20-tuxcare.5 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:6ca7ca27-84ce-50a5-b2b2-80332f1c42c5", "id": "CVE-2026-22735", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22735 is fixed in version 6.1.20-tuxcare.5 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:67de30a2-b7f8-5fdb-9248-de32755825a3", "id": "CVE-2026-22737", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22737 is fixed in version 6.1.20-tuxcare.5 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:4b91fea8-22a9-5ce5-8f77-bb2e15121d19", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 6.1.20-tuxcare.5 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:520dae80-eaa2-5768-9cd2-723b052245b4", "id": "CVE-2026-22741", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22741 is fixed in version 6.1.20-tuxcare.5 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:a7aef97f-acbf-5a02-9475-7d50163c9a42", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 6.1.20-tuxcare.5 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:27c23b28-5478-54f8-8e5d-7479c7cf5689", "id": "CVE-2026-41838", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41838 is fixed in version 6.1.20-tuxcare.5 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:7975ef4e-447d-551c-b095-60d3dd85f589", "id": "CVE-2026-41839", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41839 is fixed in version 6.1.20-tuxcare.5 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:117cd0f6-0649-51bc-925f-243a82fa5f68", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 6.1.20-tuxcare.5 of org.springframework:spring-context. already_fixed \u2014 Spring Framework 6.1.20-tuxcare.4 already contains both doOnDiscard handlers that prevent the multipart memory leak vulnerability. The fixes were applied via TuxCare backport commit a6b78f2a1c on May 19, 2026 under CVE-2026-22740, which appears to be the same or closely related vulnerability as CVE-2026-41840." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:944fee10-7ea4-5090-936a-e67dcb51ee04", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 6.1.20-tuxcare.5 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:fe1ea2a8-6fa8-5ff6-80ec-4ba0e191d7ff", "id": "CVE-2026-41842", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41842 is fixed in version 6.1.20-tuxcare.5 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:ca56bc45-0690-514e-8c57-3a45b623c824", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 6.1.20-tuxcare.5 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:b1a15755-18f3-5d2c-8eaf-92c01e0265ae", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 6.1.20-tuxcare.5 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:f3fc7acc-1c67-5ad4-a757-d6ed1b4b2dee", "id": "CVE-2026-41845", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41845 is fixed in version 6.1.20-tuxcare.5 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:96bfdefd-6e8d-5dc8-87aa-a34dbada717b", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 6.1.20-tuxcare.5 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:3d91c3dc-a256-5303-a4a1-b384415ce7c2", "id": "CVE-2026-41848", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41848 is fixed in version 6.1.20-tuxcare.5 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:7a711aea-1b26-5658-9486-db28428b25f3", "id": "CVE-2026-41850", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41850 is fixed in version 6.1.20-tuxcare.5 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:0b9032d4-dba2-5639-9175-b33818db73e2", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 6.1.20-tuxcare.5 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:59d2237c-f8a8-5bc9-b0d4-78ae59b4aacf", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 6.1.20-tuxcare.5 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:574277a4-f256-544e-859e-f7d2f5e04233", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 6.1.20-tuxcare.5 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:a84e895d-9e53-5fcf-adf4-0a13981dcfc0", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 6.1.20-tuxcare.5 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@6.1.20-tuxcare.5" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-context@6.1.20-tuxcare.5" } ] }