{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:5ad2c4ad-900c-580c-afff-7d3a6acbaa26", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-orm@6.1.21-tuxcare.7", "type": "library", "group": "org.springframework", "name": "spring-orm", "version": "6.1.21-tuxcare.7", "purl": "pkg:maven/org.springframework/spring-orm@6.1.21-tuxcare.7" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:084e6af7-1c5a-57fd-a17a-94d92b91c191", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 6.1.21-tuxcare.7 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:80febeb3-1cb2-5f89-9e92-fd7029608276", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 6.1.21-tuxcare.7 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:ea800575-c24c-5b7f-9cb0-1821bc0fbde3", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 6.1.21-tuxcare.7 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:24797e55-56ee-5029-ab3e-dc13fd5488cd", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 6.1.21-tuxcare.7 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:cd4b302f-b4e0-519b-a2aa-e5db0f57d18f", "id": "CVE-2026-22735", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22735 is fixed in version 6.1.21-tuxcare.7 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:5953a988-ff9c-5c51-a102-80cab9e2397c", "id": "CVE-2026-22737", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22737 is fixed in version 6.1.21-tuxcare.7 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:a3639bab-2f03-59c8-bd84-381a1dca8097", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 6.1.21-tuxcare.7 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:2d25f73c-6fb6-5c3c-9c77-52c394b94d39", "id": "CVE-2026-22741", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22741 is fixed in version 6.1.21-tuxcare.7 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:9d78f74c-4253-53b8-96e8-4ce660a4b1f4", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 6.1.21-tuxcare.7 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:90f97c4b-07df-5147-b7ce-95968f483890", "id": "CVE-2026-41838", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41838 is fixed in version 6.1.21-tuxcare.7 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:b8e22098-450c-5b1b-87dd-fb66ef01dd77", "id": "CVE-2026-41839", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41839 is fixed in version 6.1.21-tuxcare.7 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:28af365b-618f-57bf-a114-8ac9ffd88bf3", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 6.1.21-tuxcare.7 of org.springframework:spring-orm. already_fixed \u2014 The target repository (Spring Framework 6.1.21-tuxcare.6) already contains both upstream patches that address CVE-2026-41840. The fixes were previously applied as part of TuxCare backports for CVE-2026-22740 (commit d8aa04a97f, 2026-06-08) and memory leak fixes (commit e7c90921fd, 2026-04-29). Both doOnDiscard handlers are present in the current code, preventing resource exhaustion from multipa..." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:f75ffd30-d262-5e7b-af4a-17c91abd93ea", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 6.1.21-tuxcare.7 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:67ddc885-7f8c-5f5d-9907-490bf8688607", "id": "CVE-2026-41842", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41842 is fixed in version 6.1.21-tuxcare.7 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:022a5fe3-4edc-5eb2-89ce-2d2eaeb608af", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 6.1.21-tuxcare.7 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:62bed339-4292-580f-82d8-f1a22806ac24", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 6.1.21-tuxcare.7 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:8a1217fd-69e1-57c8-97af-eb96bd0f5c55", "id": "CVE-2026-41845", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41845 is fixed in version 6.1.21-tuxcare.7 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:98ffc777-6ad1-508b-8cd1-1ccf65916cec", "id": "CVE-2026-41846", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41846 is fixed in version 6.1.21-tuxcare.7 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:2fa85ff3-cc1d-5933-a44a-f0fab9856745", "id": "CVE-2026-41848", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41848 is fixed in version 6.1.21-tuxcare.7 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:8bb8cca2-2d2f-51c4-9ff8-acb322c03fdc", "id": "CVE-2026-41850", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41850 is fixed in version 6.1.21-tuxcare.7 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:e6f6472a-3b34-50f2-ab15-e5d235ecf7ad", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 6.1.21-tuxcare.7 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:b4c7725f-b81c-56a0-89bd-3364b8ae1916", "id": "CVE-2026-41852", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41852 is fixed in version 6.1.21-tuxcare.7 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:d1bddc9d-f4c3-5083-92b0-adc5fa06076b", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 6.1.21-tuxcare.7 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:46d9765a-1f8a-51c5-9691-d6df89b57433", "id": "CVE-2026-41855", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41855 is fixed in version 6.1.21-tuxcare.7 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@6.1.21-tuxcare.7" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-orm@6.1.21-tuxcare.7" } ] }