{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:b9631720-46f6-5eda-9c21-ed12caa51e22", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-core-test@6.1.20-tuxcare.3", "type": "library", "group": "org.springframework", "name": "spring-core-test", "version": "6.1.20-tuxcare.3", "purl": "pkg:maven/org.springframework/spring-core-test@6.1.20-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:8a71168a-4466-5b54-8889-906b54c1473b", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 6.1.20-tuxcare.3 of org.springframework:spring-core-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core-test@6.1.20-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c7cb2d58-52f0-5ad3-a237-c274a977dee5", "id": "CVE-2025-41234", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41234 is fixed in version 6.1.20-tuxcare.3 of org.springframework:spring-core-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core-test@6.1.20-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ecd773bf-d6ce-5f75-9aee-078f07eea7d7", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 6.1.20-tuxcare.3 of org.springframework:spring-core-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core-test@6.1.20-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c28c68c8-c813-598b-b858-36668e02ead9", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 6.1.20-tuxcare.3 of org.springframework:spring-core-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core-test@6.1.20-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1922a497-3e0c-5225-a1fa-8c98fcb88a20", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 6.1.20-tuxcare.3 of org.springframework:spring-core-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core-test@6.1.20-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1a1b44fa-8814-521f-a15e-dd61536a8314", "id": "CVE-2026-22735", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22735 is fixed in version 6.1.20-tuxcare.3 of org.springframework:spring-core-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core-test@6.1.20-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:aa5718b1-0817-5dfc-a753-14823d7e093f", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 6.1.20-tuxcare.3 of org.springframework:spring-core-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core-test@6.1.20-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a153c0fb-3942-5670-bf07-3194aff0addc", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 6.1.20-tuxcare.3 of org.springframework:spring-core-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core-test@6.1.20-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:da96b323-e73d-5565-8122-eb6951dd128b", "id": "CVE-2026-22741", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22741 is fixed in version 6.1.20-tuxcare.3 of org.springframework:spring-core-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core-test@6.1.20-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:03640aa3-6ee1-566c-b75f-e4dd004680d4", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 6.1.20-tuxcare.3 of org.springframework:spring-core-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core-test@6.1.20-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8fda4e87-0956-5011-9662-549e31a10bef", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 6.1.20-tuxcare.3 of org.springframework:spring-core-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core-test@6.1.20-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2dc6013b-4338-5063-849e-210095a5c3e9", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 6.1.20-tuxcare.3 of org.springframework:spring-core-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core-test@6.1.20-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:900f29b8-5492-5db1-8f6a-b52f783e4f92", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 6.1.20-tuxcare.3 of org.springframework:spring-core-test. already_fixed \u2014 Spring Framework 6.1.20-tuxcare.4 already contains both doOnDiscard handlers that prevent the multipart memory leak vulnerability. The fixes were applied via TuxCare backport commit a6b78f2a1c on May 19, 2026 under CVE-2026-22740, which appears to be the same or closely related vulnerability as CVE-2026-41840." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core-test@6.1.20-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:03d066c5-2053-589e-aa68-5b5fca082a1b", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 6.1.20-tuxcare.3 of org.springframework:spring-core-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core-test@6.1.20-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:10e34748-c497-5a24-8f51-c60eedcdc3aa", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 6.1.20-tuxcare.3 of org.springframework:spring-core-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core-test@6.1.20-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1d7a9a43-19b7-5992-ba8c-5be416ca50be", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 6.1.20-tuxcare.3 of org.springframework:spring-core-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core-test@6.1.20-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:32db5f97-4fbd-5342-b0dd-dd87d57e4b7d", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 6.1.20-tuxcare.3 of org.springframework:spring-core-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core-test@6.1.20-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d74d0285-3f0a-51ad-9786-af262db8aac3", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 6.1.20-tuxcare.3 of org.springframework:spring-core-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core-test@6.1.20-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ee3d326a-bd7e-526b-b87a-841481da06ee", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 6.1.20-tuxcare.3 of org.springframework:spring-core-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core-test@6.1.20-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6fce2841-cc43-5612-8394-882ab359e3a4", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 6.1.20-tuxcare.3 of org.springframework:spring-core-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core-test@6.1.20-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5892a538-3428-5305-a1f2-e14c5f1e4193", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 6.1.20-tuxcare.3 of org.springframework:spring-core-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core-test@6.1.20-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:dc1982b5-2980-511d-a157-a91c3c931a2d", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 6.1.20-tuxcare.3 of org.springframework:spring-core-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core-test@6.1.20-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9424ecae-03c0-5a8b-a315-0089aed7c82d", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 6.1.20-tuxcare.3 of org.springframework:spring-core-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core-test@6.1.20-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:cdafb32e-f43d-52d7-9df5-444c3541b165", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 6.1.20-tuxcare.3 of org.springframework:spring-core-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core-test@6.1.20-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a3203753-0923-5077-bca5-cd56d26171bb", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 6.1.20-tuxcare.3 of org.springframework:spring-core-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core-test@6.1.20-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-core-test@6.1.20-tuxcare.3" } ] }