{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:dcf9228c-db37-53fc-b85b-5428586fbbeb", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-core-test@6.1.20-tuxcare.6", "type": "library", "group": "org.springframework", "name": "spring-core-test", "version": "6.1.20-tuxcare.6", "purl": "pkg:maven/org.springframework/spring-core-test@6.1.20-tuxcare.6" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:ee87d8cf-3959-520b-bd47-120c72cc0fb7", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 6.1.20-tuxcare.6 of org.springframework:spring-core-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core-test@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:cc3b6070-4715-582e-98a5-06e5c0d20b8d", "id": "CVE-2025-41234", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41234 is fixed in version 6.1.20-tuxcare.6 of org.springframework:spring-core-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core-test@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:2161477d-c6ab-5c96-9e8b-7a368e629b72", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 6.1.20-tuxcare.6 of org.springframework:spring-core-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core-test@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:b26e67ea-a72d-5a88-8e0b-71576a7475e5", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 6.1.20-tuxcare.6 of org.springframework:spring-core-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core-test@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:91496209-192b-5fca-960b-e2e8067369bf", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 6.1.20-tuxcare.6 of org.springframework:spring-core-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core-test@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:d8feae8d-0a13-5c2b-9908-3246f66c063d", "id": "CVE-2026-22735", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22735 is fixed in version 6.1.20-tuxcare.6 of org.springframework:spring-core-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core-test@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:1650b7c1-bc10-5d49-896f-817b186703eb", "id": "CVE-2026-22737", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22737 is fixed in version 6.1.20-tuxcare.6 of org.springframework:spring-core-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core-test@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:ebe75da9-bddc-50bd-a594-3722c33dbe50", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 6.1.20-tuxcare.6 of org.springframework:spring-core-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core-test@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:057fd317-7f3e-589c-9da0-12034a1bf3d6", "id": "CVE-2026-22741", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22741 is fixed in version 6.1.20-tuxcare.6 of org.springframework:spring-core-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core-test@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:bd75b999-c4c6-5755-901a-8f7b032ba59d", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 6.1.20-tuxcare.6 of org.springframework:spring-core-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core-test@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:a2c54fe5-a59b-5262-af4a-4fa540f1940a", "id": "CVE-2026-41838", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41838 is fixed in version 6.1.20-tuxcare.6 of org.springframework:spring-core-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core-test@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:6c033ace-f91d-5dc9-b6ff-4f9f851f0106", "id": "CVE-2026-41839", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41839 is fixed in version 6.1.20-tuxcare.6 of org.springframework:spring-core-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core-test@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:e5bf9796-8f03-55ff-9332-151993fc4fd8", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 6.1.20-tuxcare.6 of org.springframework:spring-core-test. already_fixed \u2014 Spring Framework 6.1.20-tuxcare.4 already contains both doOnDiscard handlers that prevent the multipart memory leak vulnerability. The fixes were applied via TuxCare backport commit a6b78f2a1c on May 19, 2026 under CVE-2026-22740, which appears to be the same or closely related vulnerability as CVE-2026-41840." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core-test@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:b046d6da-e96a-52d2-aedc-8aaf69193a5e", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 6.1.20-tuxcare.6 of org.springframework:spring-core-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core-test@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:a7c33499-cd5f-5f5d-bd46-08f7c68d4a82", "id": "CVE-2026-41842", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41842 is fixed in version 6.1.20-tuxcare.6 of org.springframework:spring-core-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core-test@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:707f2494-dd21-53bc-9413-2452470bcea0", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 6.1.20-tuxcare.6 of org.springframework:spring-core-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core-test@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:940a49d4-dc09-5bbf-afbb-886720da9fa5", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 6.1.20-tuxcare.6 of org.springframework:spring-core-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core-test@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:f206f182-3ddc-5697-b511-211d4d9fe2ed", "id": "CVE-2026-41845", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41845 is fixed in version 6.1.20-tuxcare.6 of org.springframework:spring-core-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core-test@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:ee6ef6ad-b7bb-5699-978d-504f53b05d4d", "id": "CVE-2026-41846", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41846 is fixed in version 6.1.20-tuxcare.6 of org.springframework:spring-core-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core-test@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:75078695-e6b6-5f98-af4c-64ed5f3f2fb9", "id": "CVE-2026-41848", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41848 is fixed in version 6.1.20-tuxcare.6 of org.springframework:spring-core-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core-test@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:2dd8d1b9-b23e-5a79-8ed7-bad0674b07de", "id": "CVE-2026-41850", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41850 is fixed in version 6.1.20-tuxcare.6 of org.springframework:spring-core-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core-test@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:d8862981-7c76-52a6-a5cc-8435453f2c83", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 6.1.20-tuxcare.6 of org.springframework:spring-core-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core-test@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:3899fb52-df5d-5bdc-ab5a-bf594bae6d21", "id": "CVE-2026-41852", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41852 is fixed in version 6.1.20-tuxcare.6 of org.springframework:spring-core-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core-test@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:0a3aec02-10c8-5afa-a443-fdc1a8b1f895", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 6.1.20-tuxcare.6 of org.springframework:spring-core-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core-test@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:b2cb4c43-5857-59cd-a418-feac17fa5007", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 6.1.20-tuxcare.6 of org.springframework:spring-core-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core-test@6.1.20-tuxcare.6" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-core-test@6.1.20-tuxcare.6" } ] }