{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:fbbe995d-82eb-5cf7-bf0f-928ac09bb159", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-jcl@6.1.21-tuxcare.7", "type": "library", "group": "org.springframework", "name": "spring-jcl", "version": "6.1.21-tuxcare.7", "purl": "pkg:maven/org.springframework/spring-jcl@6.1.21-tuxcare.7" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:2a6bd119-c839-55bb-b419-88f8a751f0e1", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 6.1.21-tuxcare.7 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:5024f67d-e50b-587b-8bb7-bbf0b87aab87", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 6.1.21-tuxcare.7 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:b636dcbf-fffc-56cb-a451-d9de12f5ac9d", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 6.1.21-tuxcare.7 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:3641461f-2745-581f-998f-62dcaad30102", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 6.1.21-tuxcare.7 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:eadf8918-c085-5964-b098-47dabec6ef3b", "id": "CVE-2026-22735", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22735 is fixed in version 6.1.21-tuxcare.7 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:a49b6f1d-c793-55eb-b4d0-687b616605e0", "id": "CVE-2026-22737", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22737 is fixed in version 6.1.21-tuxcare.7 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:e010937d-d19f-52af-9e0f-9de7f672035f", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 6.1.21-tuxcare.7 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:ad0082e8-3d5d-58d1-89eb-6afbc5fc60ec", "id": "CVE-2026-22741", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22741 is fixed in version 6.1.21-tuxcare.7 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:5027ed78-1b18-5f83-a413-c953f958ec30", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 6.1.21-tuxcare.7 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:beed7db9-3452-5593-898c-913ba5d8e94a", "id": "CVE-2026-41838", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41838 is fixed in version 6.1.21-tuxcare.7 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:b71b31cb-e1c6-548e-9d7b-653d1ee04c54", "id": "CVE-2026-41839", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41839 is fixed in version 6.1.21-tuxcare.7 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:f7c8df3b-6656-566e-a616-095ee37d16ee", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 6.1.21-tuxcare.7 of org.springframework:spring-jcl. already_fixed \u2014 The target repository (Spring Framework 6.1.21-tuxcare.6) already contains both upstream patches that address CVE-2026-41840. The fixes were previously applied as part of TuxCare backports for CVE-2026-22740 (commit d8aa04a97f, 2026-06-08) and memory leak fixes (commit e7c90921fd, 2026-04-29). Both doOnDiscard handlers are present in the current code, preventing resource exhaustion from multipa..." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:055d58f5-b093-5bbe-9d18-77d8eb57924c", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 6.1.21-tuxcare.7 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:9dc0eabe-2c14-543d-b695-285d8a1752da", "id": "CVE-2026-41842", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41842 is fixed in version 6.1.21-tuxcare.7 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:3b9c7616-301f-5b6a-88ec-961b433b7c03", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 6.1.21-tuxcare.7 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:f056ea6a-189e-5870-bdad-2be18fd76d20", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 6.1.21-tuxcare.7 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:0cfc34b4-529d-5f2a-9c9e-9a7dd04350e8", "id": "CVE-2026-41845", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41845 is fixed in version 6.1.21-tuxcare.7 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:622a6d49-a06d-5149-a7a9-5a5685b93214", "id": "CVE-2026-41846", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41846 is fixed in version 6.1.21-tuxcare.7 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:f69bf2fa-cd44-5940-98f8-09c45798ae4f", "id": "CVE-2026-41848", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41848 is fixed in version 6.1.21-tuxcare.7 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:21516209-a17f-55b9-913f-ba8703e8cf9a", "id": "CVE-2026-41850", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41850 is fixed in version 6.1.21-tuxcare.7 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:1d57c2ca-7b27-544b-bff7-4c282d7aeb50", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 6.1.21-tuxcare.7 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:43600037-1632-55de-beb5-83acb171b024", "id": "CVE-2026-41852", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41852 is fixed in version 6.1.21-tuxcare.7 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:a48b54eb-e735-52ff-b286-7d95857af21d", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 6.1.21-tuxcare.7 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:36b81406-8298-5717-869d-18ebdc369dd6", "id": "CVE-2026-41855", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41855 is fixed in version 6.1.21-tuxcare.7 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@6.1.21-tuxcare.7" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-jcl@6.1.21-tuxcare.7" } ] }