{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:71ab1b13-4992-5eac-93ca-7bd2390edafc", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-core@6.1.21-tuxcare.5", "type": "library", "group": "org.springframework", "name": "spring-core", "version": "6.1.21-tuxcare.5", "purl": "pkg:maven/org.springframework/spring-core@6.1.21-tuxcare.5" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:27e5f52b-e655-5590-8bee-e814a1bbdc8f", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 6.1.21-tuxcare.5 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@6.1.21-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:40bb402b-dd5d-5cc8-a9ad-13d8ba118890", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 6.1.21-tuxcare.5 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@6.1.21-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:8a7f24cb-2d38-5dbd-afcd-8260131635b9", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 6.1.21-tuxcare.5 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@6.1.21-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:00259dff-a2ed-5e44-bf25-d1bd8fbcfd63", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 6.1.21-tuxcare.5 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@6.1.21-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:1b5b2ede-62a9-5af8-9c6b-8fe34bff4d56", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 6.1.21-tuxcare.5 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@6.1.21-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:284a3f6d-99b9-5660-a33f-e2a552617d23", "id": "CVE-2026-22737", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22737 is fixed in version 6.1.21-tuxcare.5 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@6.1.21-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:6fcbad2b-19f3-56f3-8caf-71fe882d2de9", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 6.1.21-tuxcare.5 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@6.1.21-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:44f7384b-e0ba-5b19-9a46-d25a4209889e", "id": "CVE-2026-22741", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22741 is fixed in version 6.1.21-tuxcare.5 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@6.1.21-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:dbe8cf12-be37-5122-ae9c-c0fa2e7e614e", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 6.1.21-tuxcare.5 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@6.1.21-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:6938b6b6-a50b-57ba-b697-599e790dbd0a", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 6.1.21-tuxcare.5 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@6.1.21-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:ac7726b1-c51b-52f8-9c7a-d5deb40eac75", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 6.1.21-tuxcare.5 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@6.1.21-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:862bc160-eec8-5110-b200-bb1a1bfbc440", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 6.1.21-tuxcare.5 of org.springframework:spring-core. already_fixed \u2014 The target repository (Spring Framework 6.1.21-tuxcare.6) already contains both upstream patches that address CVE-2026-41840. The fixes were previously applied as part of TuxCare backports for CVE-2026-22740 (commit d8aa04a97f, 2026-06-08) and memory leak fixes (commit e7c90921fd, 2026-04-29). Both doOnDiscard handlers are present in the current code, preventing resource exhaustion from multipa..." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@6.1.21-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:da5e77e5-28c8-5600-86ed-2fffea2658cc", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 6.1.21-tuxcare.5 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@6.1.21-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:feb3fa3c-4edc-512d-bc40-302cf2ea0e50", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 6.1.21-tuxcare.5 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@6.1.21-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:367d96a8-45d7-5105-a65e-c3c90538bd2a", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 6.1.21-tuxcare.5 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@6.1.21-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:e1d9dc40-f2ab-5dbd-b840-20d2fd05a6c8", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 6.1.21-tuxcare.5 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@6.1.21-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:59017a14-5f09-5667-9423-1596c49837fd", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 6.1.21-tuxcare.5 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@6.1.21-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:e3b75b14-4ff8-5869-8e58-481defe04514", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 6.1.21-tuxcare.5 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@6.1.21-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:d011da3e-0c08-564d-bcde-7532c0ded7d7", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 6.1.21-tuxcare.5 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@6.1.21-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:bb298cb5-6b32-5569-842c-37ebabd390db", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 6.1.21-tuxcare.5 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@6.1.21-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:6b282730-f425-5432-b22f-5c503ae34c71", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 6.1.21-tuxcare.5 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@6.1.21-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:0d328bf0-7ee4-509a-a04a-565570996d38", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 6.1.21-tuxcare.5 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@6.1.21-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:705e5adb-564c-5eb1-a237-a3b2f4f4bfac", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 6.1.21-tuxcare.5 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@6.1.21-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:8a981f2e-e4a3-51c4-89fe-1aaa99fb123d", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 6.1.21-tuxcare.5 of org.springframework:spring-core." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-core@6.1.21-tuxcare.5" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-core@6.1.21-tuxcare.5" } ] }