{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:694abe94-0bec-55bd-bc43-c4c43b54d62e", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-oxm@6.1.20-tuxcare.5", "type": "library", "group": "org.springframework", "name": "spring-oxm", "version": "6.1.20-tuxcare.5", "purl": "pkg:maven/org.springframework/spring-oxm@6.1.20-tuxcare.5" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:60476ff1-bab6-5932-8dde-84ffff40a09d", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 6.1.20-tuxcare.5 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:c2bf7f9d-f4f0-5817-a61e-053b1586bdd7", "id": "CVE-2025-41234", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41234 is fixed in version 6.1.20-tuxcare.5 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:3caace83-2701-5f71-98ae-605f4e8be090", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 6.1.20-tuxcare.5 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:1f77e8ab-270b-5ef2-8219-896889c906a2", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 6.1.20-tuxcare.5 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:961a4a83-e724-58b1-bac0-3abeb42d9b40", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 6.1.20-tuxcare.5 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:c45862b0-13c0-5e63-8092-4a9dbad2c385", "id": "CVE-2026-22735", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22735 is fixed in version 6.1.20-tuxcare.5 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:f79b0206-c8a4-569c-afe4-1830c5004f28", "id": "CVE-2026-22737", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22737 is fixed in version 6.1.20-tuxcare.5 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:e380fc46-59af-5125-8862-b3fafd54a911", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 6.1.20-tuxcare.5 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:9813b379-4c25-503a-961a-f4a7f6031509", "id": "CVE-2026-22741", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22741 is fixed in version 6.1.20-tuxcare.5 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:24938263-17f8-5c96-b8ba-9bf6fe9525b6", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 6.1.20-tuxcare.5 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:ec720bdb-520a-5c08-9d62-42fea2a81e3a", "id": "CVE-2026-41838", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41838 is fixed in version 6.1.20-tuxcare.5 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:37f36801-ec17-532c-9e80-deae4e166a7e", "id": "CVE-2026-41839", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41839 is fixed in version 6.1.20-tuxcare.5 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:703ced50-8ec0-5d67-aeea-46ee951a08e2", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 6.1.20-tuxcare.5 of org.springframework:spring-oxm. already_fixed \u2014 Spring Framework 6.1.20-tuxcare.4 already contains both doOnDiscard handlers that prevent the multipart memory leak vulnerability. The fixes were applied via TuxCare backport commit a6b78f2a1c on May 19, 2026 under CVE-2026-22740, which appears to be the same or closely related vulnerability as CVE-2026-41840." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:ccfeebc0-17c6-51bd-aef4-b189a5447100", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 6.1.20-tuxcare.5 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:12bd3b5b-e5c8-586c-95e8-cf881f8eced1", "id": "CVE-2026-41842", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41842 is fixed in version 6.1.20-tuxcare.5 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:180f2fe6-b9ea-5039-bfba-8678e69a34d9", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 6.1.20-tuxcare.5 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:4ff52f7a-7d9e-5566-ae74-c09e64d8cfdf", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 6.1.20-tuxcare.5 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:4e4429de-21ce-578a-bd1d-50e31a669be7", "id": "CVE-2026-41845", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41845 is fixed in version 6.1.20-tuxcare.5 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:e9e6fcbb-d686-5b2c-a206-b2465be3eb47", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 6.1.20-tuxcare.5 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:047e0228-46f4-5797-9f54-dfead32df042", "id": "CVE-2026-41848", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41848 is fixed in version 6.1.20-tuxcare.5 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:d1fc580d-e249-58e3-a6ea-958fdcbd0132", "id": "CVE-2026-41850", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41850 is fixed in version 6.1.20-tuxcare.5 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:5c1da540-65ad-57f4-867e-02dd8c64aea6", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 6.1.20-tuxcare.5 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:0c62ae64-ff4e-53a8-bee6-b7df2d07f2ef", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 6.1.20-tuxcare.5 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:226e7c83-f212-573e-9d3b-40639af186cf", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 6.1.20-tuxcare.5 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:61c37227-6b20-579c-af09-188cf2738bc0", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 6.1.20-tuxcare.5 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@6.1.20-tuxcare.5" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-oxm@6.1.20-tuxcare.5" } ] }