{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:83951513-f2be-523c-8dfa-25287727e86b", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-framework-bom@6.1.21-tuxcare.7", "type": "library", "group": "org.springframework", "name": "spring-framework-bom", "version": "6.1.21-tuxcare.7", "purl": "pkg:maven/org.springframework/spring-framework-bom@6.1.21-tuxcare.7" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:3049219a-fd6a-5d0d-af59-b74f3dda8603", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 6.1.21-tuxcare.7 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:197c5e91-77b1-589e-9278-6077a32d18f9", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 6.1.21-tuxcare.7 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:89946d0a-8808-554f-94d7-0867b2fb6b87", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 6.1.21-tuxcare.7 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:b404b8eb-4651-50a9-ad0a-030ef18b7fc6", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 6.1.21-tuxcare.7 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:214869c4-5a12-576e-a9e6-8b3d9b5a4c50", "id": "CVE-2026-22735", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22735 is fixed in version 6.1.21-tuxcare.7 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:f8df25b1-8239-5a94-a9c6-8bbc72ecf16f", "id": "CVE-2026-22737", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22737 is fixed in version 6.1.21-tuxcare.7 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:d0244ab7-c39e-5523-8d8e-115249e4f812", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 6.1.21-tuxcare.7 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:d5c9e11f-f072-5eb4-9c0d-22828315f6a3", "id": "CVE-2026-22741", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22741 is fixed in version 6.1.21-tuxcare.7 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:91be9248-0952-57f6-a4a2-d7b27ba1e297", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 6.1.21-tuxcare.7 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:f3281707-e435-5a44-8333-283c4f75da78", "id": "CVE-2026-41838", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41838 is fixed in version 6.1.21-tuxcare.7 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:4144d2d5-0434-5c2c-84f6-a9f852178943", "id": "CVE-2026-41839", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41839 is fixed in version 6.1.21-tuxcare.7 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:b16b620c-72c7-5897-bc87-8c53ac75660f", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 6.1.21-tuxcare.7 of org.springframework:spring-framework-bom. already_fixed \u2014 The target repository (Spring Framework 6.1.21-tuxcare.6) already contains both upstream patches that address CVE-2026-41840. The fixes were previously applied as part of TuxCare backports for CVE-2026-22740 (commit d8aa04a97f, 2026-06-08) and memory leak fixes (commit e7c90921fd, 2026-04-29). Both doOnDiscard handlers are present in the current code, preventing resource exhaustion from multipa..." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:7ea848b4-4222-52dd-aa12-11e712dd866e", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 6.1.21-tuxcare.7 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:a45b86b4-cd31-5f76-a3f8-3d2719741054", "id": "CVE-2026-41842", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41842 is fixed in version 6.1.21-tuxcare.7 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:d842eae1-b9be-5b55-a15d-94fdd06997c9", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 6.1.21-tuxcare.7 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:91fbc111-105e-5185-b3d8-b679056df461", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 6.1.21-tuxcare.7 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:8ac2d17f-fa31-50a9-8b06-33b95af7543f", "id": "CVE-2026-41845", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41845 is fixed in version 6.1.21-tuxcare.7 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:76e01533-52c5-5cc8-a1fe-4eea54acc08d", "id": "CVE-2026-41846", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41846 is fixed in version 6.1.21-tuxcare.7 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:b49cbcc6-3540-585d-a6e2-a30efd3e19e5", "id": "CVE-2026-41848", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41848 is fixed in version 6.1.21-tuxcare.7 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:baaab73d-0a65-5b1a-9463-89e6ee9c2956", "id": "CVE-2026-41850", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41850 is fixed in version 6.1.21-tuxcare.7 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:99c15bd1-2da6-5505-9370-370390078079", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 6.1.21-tuxcare.7 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:1c4caf07-5103-5390-a75a-4f9a07f6c401", "id": "CVE-2026-41852", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41852 is fixed in version 6.1.21-tuxcare.7 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:0c10a46c-72d6-5249-83ef-33b02a79b170", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 6.1.21-tuxcare.7 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:b4234e49-d353-5caf-897b-4977e1fd2f28", "id": "CVE-2026-41855", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41855 is fixed in version 6.1.21-tuxcare.7 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@6.1.21-tuxcare.7" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@6.1.21-tuxcare.7" } ] }