{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:1bcc19f5-6ee6-557f-af70-b6a588fdb357", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-test@6.1.20-tuxcare.5", "type": "library", "group": "org.springframework", "name": "spring-test", "version": "6.1.20-tuxcare.5", "purl": "pkg:maven/org.springframework/spring-test@6.1.20-tuxcare.5" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:3af41c45-76d3-5c4b-8386-8e5da37e8e50", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 6.1.20-tuxcare.5 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:d3174c3a-9dc3-574c-8380-6973bf439274", "id": "CVE-2025-41234", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41234 is fixed in version 6.1.20-tuxcare.5 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:f3c9351e-e6ad-5acd-99e5-2f28cfbf3c76", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 6.1.20-tuxcare.5 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:a994cdb3-948f-5a75-aaa0-18b088eda36b", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 6.1.20-tuxcare.5 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:1a729a82-7c6f-52f5-b4bf-9d2c002b2b5d", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 6.1.20-tuxcare.5 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:13ae3a48-35a3-51d2-9c71-0cf2ef777b3c", "id": "CVE-2026-22735", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22735 is fixed in version 6.1.20-tuxcare.5 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:c5c9a6f7-2e13-547a-9d46-f6dd0c4964bb", "id": "CVE-2026-22737", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22737 is fixed in version 6.1.20-tuxcare.5 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:2e51af0b-05b7-5764-93be-563940f4455e", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 6.1.20-tuxcare.5 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:f13c7308-a248-5e16-9f9b-f16feacfb65f", "id": "CVE-2026-22741", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22741 is fixed in version 6.1.20-tuxcare.5 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:4f7f366d-03b3-5461-998a-c91fecc42d99", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 6.1.20-tuxcare.5 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:dc73bdf9-eae5-5260-b776-d699c27e4b99", "id": "CVE-2026-41838", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41838 is fixed in version 6.1.20-tuxcare.5 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:ddadd390-7bdb-5f5d-93ba-ce8b658a76bd", "id": "CVE-2026-41839", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41839 is fixed in version 6.1.20-tuxcare.5 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:c0345f11-75f0-5b9a-8e2a-40300280c844", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 6.1.20-tuxcare.5 of org.springframework:spring-test. already_fixed \u2014 Spring Framework 6.1.20-tuxcare.4 already contains both doOnDiscard handlers that prevent the multipart memory leak vulnerability. The fixes were applied via TuxCare backport commit a6b78f2a1c on May 19, 2026 under CVE-2026-22740, which appears to be the same or closely related vulnerability as CVE-2026-41840." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:07b379ea-1d4f-547e-b077-38078ef09a41", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 6.1.20-tuxcare.5 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:0109304b-dd57-55a8-888f-5a6b20b70a63", "id": "CVE-2026-41842", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41842 is fixed in version 6.1.20-tuxcare.5 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:c512c0d1-b8f9-50f9-a965-5b942efe0432", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 6.1.20-tuxcare.5 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:ba30c589-8df8-5e4d-b755-bd4037c8d3b4", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 6.1.20-tuxcare.5 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:451b4c1a-f2b7-5230-b271-b586965e5671", "id": "CVE-2026-41845", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41845 is fixed in version 6.1.20-tuxcare.5 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:7b2b35fb-f26a-5629-9539-1e99910b25d9", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 6.1.20-tuxcare.5 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:f54bc151-39b5-532e-b8bb-5fc63c4cb706", "id": "CVE-2026-41848", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41848 is fixed in version 6.1.20-tuxcare.5 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:4643831b-2d5d-59fa-90f2-6fca565cf945", "id": "CVE-2026-41850", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41850 is fixed in version 6.1.20-tuxcare.5 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:097086b7-ffae-5e50-885e-e54fecd5a0f7", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 6.1.20-tuxcare.5 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:40b0a06b-1419-50cc-90e2-63dcf2888098", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 6.1.20-tuxcare.5 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:cbe9dcff-50c9-52be-b717-24a82a87b735", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 6.1.20-tuxcare.5 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:895aceb8-2124-5da5-b728-a27013acae91", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 6.1.20-tuxcare.5 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.20-tuxcare.5" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.20-tuxcare.5" } ] }