{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:ff5f0626-9c42-50a4-86bc-57b7849121d0", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-jdbc@6.1.20-tuxcare.5", "type": "library", "group": "org.springframework", "name": "spring-jdbc", "version": "6.1.20-tuxcare.5", "purl": "pkg:maven/org.springframework/spring-jdbc@6.1.20-tuxcare.5" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:8cc31097-e9a5-5fef-aa1d-17b2cc375987", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 6.1.20-tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:52d337d0-2310-5d48-be15-af70bd22608a", "id": "CVE-2025-41234", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41234 is fixed in version 6.1.20-tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:15801823-4fcf-5977-b292-5e65bbc8879d", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 6.1.20-tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:1c4e4133-461b-54c8-b3e2-4be9e971f8f8", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 6.1.20-tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:edcfe954-ef49-5c41-89ed-28f53985236c", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 6.1.20-tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:e2e0135a-af11-58a6-a8a2-9162f7bc8d66", "id": "CVE-2026-22735", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22735 is fixed in version 6.1.20-tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:4af252ff-8f54-5b3a-b3cd-fe1b35810363", "id": "CVE-2026-22737", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22737 is fixed in version 6.1.20-tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:b75ac02b-d672-5e0a-9dbb-2bc087a72a2c", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 6.1.20-tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:1916b89b-2fd0-5e8c-9108-6f76da91e517", "id": "CVE-2026-22741", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22741 is fixed in version 6.1.20-tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:5ba000d2-d147-5dfc-b90f-5b2199dbc364", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 6.1.20-tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:704b1d7d-14f8-592f-a524-5852ffe5fcab", "id": "CVE-2026-41838", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41838 is fixed in version 6.1.20-tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:dc804900-8193-57e0-9465-2f1328977fc4", "id": "CVE-2026-41839", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41839 is fixed in version 6.1.20-tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:48982ae7-7fcb-5aad-ab60-4b9f7efbeb3c", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 6.1.20-tuxcare.5 of org.springframework:spring-jdbc. already_fixed \u2014 Spring Framework 6.1.20-tuxcare.4 already contains both doOnDiscard handlers that prevent the multipart memory leak vulnerability. The fixes were applied via TuxCare backport commit a6b78f2a1c on May 19, 2026 under CVE-2026-22740, which appears to be the same or closely related vulnerability as CVE-2026-41840." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:9f67702b-c7ee-5add-bc95-f56ca1666206", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 6.1.20-tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:fa638e10-59e9-54b4-b76b-9a3a5fcb712b", "id": "CVE-2026-41842", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41842 is fixed in version 6.1.20-tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:d32a2a06-bf14-5506-a581-2ff7bbc78984", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 6.1.20-tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:88153a61-4407-522c-9a1e-3af4514f9f39", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 6.1.20-tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:ef65e7b8-61c9-5407-8570-b53f2d66c8cc", "id": "CVE-2026-41845", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41845 is fixed in version 6.1.20-tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:b2fd49ae-ba44-5d24-8ad7-3f86ac255d4c", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 6.1.20-tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:d289cd65-eae4-5ab8-980d-97a19ad22594", "id": "CVE-2026-41848", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41848 is fixed in version 6.1.20-tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:3e9aad66-6698-5021-8acc-1e217b04ca59", "id": "CVE-2026-41850", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41850 is fixed in version 6.1.20-tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:03c307fd-6112-5f8e-9f1a-2489c3f6d16e", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 6.1.20-tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:aa6366f9-3156-50cb-936a-544f4a94146c", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 6.1.20-tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:6aab05e8-8bff-55f2-9328-fed58331ffe2", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 6.1.20-tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:7629ecb2-a31d-53ba-8863-c0618ec772a2", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 6.1.20-tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@6.1.20-tuxcare.5" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@6.1.20-tuxcare.5" } ] }