{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:229d9371-2023-5d6d-8d63-4e68badd59ce", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-core-test@6.1.21-tuxcare.4", "type": "library", "group": "org.springframework", "name": "spring-core-test", "version": "6.1.21-tuxcare.4", "purl": "pkg:maven/org.springframework/spring-core-test@6.1.21-tuxcare.4" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:73d91859-1573-521d-a815-4aec9b09700c", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 6.1.21-tuxcare.4 of org.springframework:spring-core-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core-test@6.1.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e03a49d6-5913-5fe5-b1a5-beb9878ffea9", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 6.1.21-tuxcare.4 of org.springframework:spring-core-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core-test@6.1.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:fd0bcd2c-6985-5175-ae37-acf42b94ad2f", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 6.1.21-tuxcare.4 of org.springframework:spring-core-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core-test@6.1.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:809fdaad-94d7-5c55-9c0a-975216f62cbd", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 6.1.21-tuxcare.4 of org.springframework:spring-core-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core-test@6.1.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:bb92571e-a653-5ff0-86dd-2260b0a23aaa", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 6.1.21-tuxcare.4 of org.springframework:spring-core-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core-test@6.1.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:8a488146-87b2-51e9-9460-f77b55d701a1", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 6.1.21-tuxcare.4 of org.springframework:spring-core-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core-test@6.1.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:95f5aaba-02a9-5abb-993b-32b1364cde50", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 6.1.21-tuxcare.4 of org.springframework:spring-core-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core-test@6.1.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:75cf5e26-07e1-5dc1-8b88-133351901aab", "id": "CVE-2026-22741", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22741 is fixed in version 6.1.21-tuxcare.4 of org.springframework:spring-core-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core-test@6.1.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:352b0e5c-f1e7-5c50-852c-3ae14d83fb55", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 6.1.21-tuxcare.4 of org.springframework:spring-core-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core-test@6.1.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b79ed92d-4d53-5a3e-a717-8ee837c14a6a", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 6.1.21-tuxcare.4 of org.springframework:spring-core-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core-test@6.1.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a58d1278-0fc2-5b0b-b8cd-4c7db41f817a", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 6.1.21-tuxcare.4 of org.springframework:spring-core-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core-test@6.1.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:605460f7-8e35-5708-b91a-dac644d5c135", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 6.1.21-tuxcare.4 of org.springframework:spring-core-test. already_fixed \u2014 The target repository (Spring Framework 6.1.21-tuxcare.6) already contains both upstream patches that address CVE-2026-41840. The fixes were previously applied as part of TuxCare backports for CVE-2026-22740 (commit d8aa04a97f, 2026-06-08) and memory leak fixes (commit e7c90921fd, 2026-04-29). Both doOnDiscard handlers are present in the current code, preventing resource exhaustion from multipa..." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core-test@6.1.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:4cca7f35-6160-5385-b303-b5c479cf7a57", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 6.1.21-tuxcare.4 of org.springframework:spring-core-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core-test@6.1.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:769e3cc5-c808-5e60-9764-6b781f7000b2", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 6.1.21-tuxcare.4 of org.springframework:spring-core-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core-test@6.1.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:7c56dea6-1080-5155-9ed6-b2d70a86958d", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 6.1.21-tuxcare.4 of org.springframework:spring-core-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core-test@6.1.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:20a0df9d-7337-59ac-8556-adad9bcf0569", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 6.1.21-tuxcare.4 of org.springframework:spring-core-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core-test@6.1.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:8441d8aa-f934-5b0a-903a-e7fbb5b45600", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 6.1.21-tuxcare.4 of org.springframework:spring-core-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core-test@6.1.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:6306a38f-cb9d-543d-a294-30d7841d160b", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 6.1.21-tuxcare.4 of org.springframework:spring-core-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core-test@6.1.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:6745adfc-6765-5e1f-962e-8a9fb7bf4845", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 6.1.21-tuxcare.4 of org.springframework:spring-core-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core-test@6.1.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b5fa42e8-098f-5fca-9309-95ef9136cd11", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 6.1.21-tuxcare.4 of org.springframework:spring-core-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core-test@6.1.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:f0ed917d-6971-54cf-8252-661e6b41ab9f", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 6.1.21-tuxcare.4 of org.springframework:spring-core-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core-test@6.1.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:6922e971-837f-5a37-8def-caa6d0c3bcad", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 6.1.21-tuxcare.4 of org.springframework:spring-core-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core-test@6.1.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:7ca4c74d-2d86-5133-a17c-2e368a78795b", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 6.1.21-tuxcare.4 of org.springframework:spring-core-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core-test@6.1.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:fdedaa90-0597-5c8b-8f12-3130a875ed3d", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 6.1.21-tuxcare.4 of org.springframework:spring-core-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core-test@6.1.21-tuxcare.4" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-core-test@6.1.21-tuxcare.4" } ] }