{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:a87bbb7d-007a-5da4-9d29-459235622e7e", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-core@6.1.21-tuxcare.4", "type": "library", "group": "org.springframework", "name": "spring-core", "version": "6.1.21-tuxcare.4", "purl": "pkg:maven/org.springframework/spring-core@6.1.21-tuxcare.4" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:d9d36348-9f96-51c2-9d4d-bc2b132bb940", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 6.1.21-tuxcare.4 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@6.1.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:7eca2105-6015-5e78-9f0b-c6c57e28ed58", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 6.1.21-tuxcare.4 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@6.1.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:02508974-3577-5503-9308-097812da374e", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 6.1.21-tuxcare.4 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@6.1.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:3b64063e-e22d-542f-98f0-335b1c413162", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 6.1.21-tuxcare.4 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@6.1.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:6d47176d-c166-5e08-a0f2-fa3f0e3ee589", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 6.1.21-tuxcare.4 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@6.1.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ef3bfd86-6bf5-51a3-b202-95ca7c007104", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 6.1.21-tuxcare.4 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@6.1.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:3452e66c-61c5-53f4-8e00-7916199a4f99", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 6.1.21-tuxcare.4 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@6.1.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:07422e45-b996-52a9-bb6e-9070d6a1ba30", "id": "CVE-2026-22741", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22741 is fixed in version 6.1.21-tuxcare.4 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@6.1.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:21722af3-75a2-5d5b-88da-c40abd1dc486", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 6.1.21-tuxcare.4 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@6.1.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:9501fe08-6819-5da9-b4d8-9ecb41b458eb", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 6.1.21-tuxcare.4 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@6.1.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:997d4035-2efe-5fc7-9faa-3a8889fc8298", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 6.1.21-tuxcare.4 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@6.1.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:931d4dae-108b-56d5-be9f-e78fd040c8f8", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 6.1.21-tuxcare.4 of org.springframework:spring-core. already_fixed \u2014 The target repository (Spring Framework 6.1.21-tuxcare.6) already contains both upstream patches that address CVE-2026-41840. The fixes were previously applied as part of TuxCare backports for CVE-2026-22740 (commit d8aa04a97f, 2026-06-08) and memory leak fixes (commit e7c90921fd, 2026-04-29). Both doOnDiscard handlers are present in the current code, preventing resource exhaustion from multipa..." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@6.1.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:8807501d-0364-5253-bc8b-d7619146d8de", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 6.1.21-tuxcare.4 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@6.1.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:5c54f6c5-3d5e-5b15-ae6a-217da879e374", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 6.1.21-tuxcare.4 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@6.1.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:81ca9a28-7d3b-58cc-b228-ddfa9f3c5461", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 6.1.21-tuxcare.4 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@6.1.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:3fd7fea0-87fd-5a28-8cfd-f7493fe91f92", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 6.1.21-tuxcare.4 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@6.1.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:856fb887-1843-5876-88bf-730b4f528e7e", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 6.1.21-tuxcare.4 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@6.1.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:94793b62-a1cd-5bf5-82a8-095f3c66dc54", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 6.1.21-tuxcare.4 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@6.1.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:098bed12-acdb-5819-98a9-c3a63ef0a6da", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 6.1.21-tuxcare.4 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@6.1.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ceee0598-3489-5bc1-bfc2-2c695e3785b7", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 6.1.21-tuxcare.4 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@6.1.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:bcae7520-43b5-54a0-92bc-eb719ec835ae", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 6.1.21-tuxcare.4 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@6.1.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:724b0468-7e5a-5f72-85e5-faec4323579d", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 6.1.21-tuxcare.4 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@6.1.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:dfa2c77f-b7a5-5136-9d66-a75269ff1929", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 6.1.21-tuxcare.4 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@6.1.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:fce25766-6508-5cb7-8448-6ea0faba570a", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 6.1.21-tuxcare.4 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@6.1.21-tuxcare.4" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-core@6.1.21-tuxcare.4" } ] }