{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:09e2becf-6b52-58bc-a120-76657d5b5bcc", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-context@6.1.21-tuxcare.7", "type": "library", "group": "org.springframework", "name": "spring-context", "version": "6.1.21-tuxcare.7", "purl": "pkg:maven/org.springframework/spring-context@6.1.21-tuxcare.7" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:9b18a27e-014e-5bd6-aad9-7348a9851d2c", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 6.1.21-tuxcare.7 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:9ad3085c-5856-568d-be75-213658fe92de", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 6.1.21-tuxcare.7 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:1f567c19-27fd-5830-9212-514e209049ea", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 6.1.21-tuxcare.7 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:d5d93c79-15f0-5b11-86de-314f6caab50e", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 6.1.21-tuxcare.7 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:79fb48ee-20c2-51bc-b198-43341164d67f", "id": "CVE-2026-22735", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22735 is fixed in version 6.1.21-tuxcare.7 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:83814b10-38f3-5bfd-8dc2-342d1fe4253f", "id": "CVE-2026-22737", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22737 is fixed in version 6.1.21-tuxcare.7 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:9a791eb0-be44-57c9-a17e-f9b5fef8f06f", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 6.1.21-tuxcare.7 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:73511add-55fd-5646-95a5-f3b099080279", "id": "CVE-2026-22741", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22741 is fixed in version 6.1.21-tuxcare.7 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:c95cc2b2-d448-590e-ac79-4c8d59485d8c", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 6.1.21-tuxcare.7 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:9e28c021-2984-5334-8afb-47e8c4fd4604", "id": "CVE-2026-41838", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41838 is fixed in version 6.1.21-tuxcare.7 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:3509202c-6fc5-50ee-873f-4cb6a03230b8", "id": "CVE-2026-41839", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41839 is fixed in version 6.1.21-tuxcare.7 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:25c7f7ad-2cb0-563e-9856-820ae8694ad8", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 6.1.21-tuxcare.7 of org.springframework:spring-context. already_fixed \u2014 The target repository (Spring Framework 6.1.21-tuxcare.6) already contains both upstream patches that address CVE-2026-41840. The fixes were previously applied as part of TuxCare backports for CVE-2026-22740 (commit d8aa04a97f, 2026-06-08) and memory leak fixes (commit e7c90921fd, 2026-04-29). Both doOnDiscard handlers are present in the current code, preventing resource exhaustion from multipa..." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:c569a89a-7c69-56f4-b65e-6ff3e2c0adfe", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 6.1.21-tuxcare.7 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:310982b4-b66d-5fb8-a85b-0be9b3c5cd06", "id": "CVE-2026-41842", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41842 is fixed in version 6.1.21-tuxcare.7 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:1cb3ecce-7181-5090-867e-499d45e34147", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 6.1.21-tuxcare.7 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:cf0322cb-f39e-59a6-926a-f174ebe17e37", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 6.1.21-tuxcare.7 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:f13370d3-610a-50c1-888f-c44852b4a9cf", "id": "CVE-2026-41845", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41845 is fixed in version 6.1.21-tuxcare.7 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:c6919065-1e14-55df-8732-1a0566dacb03", "id": "CVE-2026-41846", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41846 is fixed in version 6.1.21-tuxcare.7 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:807cdac0-f0a5-5413-9f30-553593a59c25", "id": "CVE-2026-41848", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41848 is fixed in version 6.1.21-tuxcare.7 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:3ce2743a-8890-5605-b834-ae243d895a19", "id": "CVE-2026-41850", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41850 is fixed in version 6.1.21-tuxcare.7 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:459ebe5f-76e2-5476-9e33-f4714cb44327", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 6.1.21-tuxcare.7 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:c228151b-b3f4-5acf-b7ae-e869b16d2ff8", "id": "CVE-2026-41852", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41852 is fixed in version 6.1.21-tuxcare.7 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:059c73cf-ae0f-5fd0-b89c-c3127d7d7a94", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 6.1.21-tuxcare.7 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:d3cf84ec-02c6-5c1f-9872-d86fe0729986", "id": "CVE-2026-41855", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41855 is fixed in version 6.1.21-tuxcare.7 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@6.1.21-tuxcare.7" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-context@6.1.21-tuxcare.7" } ] }