{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:cc310dea-21ba-5418-a175-6a97095b23c4", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-test@6.1.20-tuxcare.6", "type": "library", "group": "org.springframework", "name": "spring-test", "version": "6.1.20-tuxcare.6", "purl": "pkg:maven/org.springframework/spring-test@6.1.20-tuxcare.6" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:9918566a-600c-5e83-b0b3-bd7f9541e8d7", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 6.1.20-tuxcare.6 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:74cef62e-ca5f-5a2e-b6c0-22524523fd4b", "id": "CVE-2025-41234", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41234 is fixed in version 6.1.20-tuxcare.6 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:f6f1507d-8c52-505c-9fdf-fe551923da3c", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 6.1.20-tuxcare.6 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:ef8e98f4-ab73-521c-96ac-409ab204e0c5", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 6.1.20-tuxcare.6 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:083266e5-399c-5851-ab17-8086550dad97", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 6.1.20-tuxcare.6 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:e131ed50-40d7-5b74-9b1a-d0890001fe83", "id": "CVE-2026-22735", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22735 is fixed in version 6.1.20-tuxcare.6 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:63d0dd26-34ab-57d8-ba49-c05f61796289", "id": "CVE-2026-22737", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22737 is fixed in version 6.1.20-tuxcare.6 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:a1a172fe-587e-5dfc-91b8-5b08544581db", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 6.1.20-tuxcare.6 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:3269ca0b-25d8-5d76-b9b5-382d327bed81", "id": "CVE-2026-22741", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22741 is fixed in version 6.1.20-tuxcare.6 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:ababdc8e-d6d2-5ab1-9f6e-a0547763bda4", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 6.1.20-tuxcare.6 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:268d7098-0458-5537-8bb5-d898eb7f23b4", "id": "CVE-2026-41838", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41838 is fixed in version 6.1.20-tuxcare.6 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:2691f963-e3bc-5533-8e64-36d0b903cebc", "id": "CVE-2026-41839", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41839 is fixed in version 6.1.20-tuxcare.6 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:cef5f1b5-7eff-57e0-97fe-7dccc0123052", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 6.1.20-tuxcare.6 of org.springframework:spring-test. already_fixed \u2014 Spring Framework 6.1.20-tuxcare.4 already contains both doOnDiscard handlers that prevent the multipart memory leak vulnerability. The fixes were applied via TuxCare backport commit a6b78f2a1c on May 19, 2026 under CVE-2026-22740, which appears to be the same or closely related vulnerability as CVE-2026-41840." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:88b8d1a3-7c64-5211-8286-63d4e98b5c7d", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 6.1.20-tuxcare.6 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:2446f704-b4cf-5108-891c-9c75fda00f78", "id": "CVE-2026-41842", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41842 is fixed in version 6.1.20-tuxcare.6 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:dd178ea5-e7bd-5c27-82eb-188a78a30156", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 6.1.20-tuxcare.6 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:ab589bdf-8838-5de1-bdb0-9fec1ed3b216", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 6.1.20-tuxcare.6 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:7396c68d-767c-5865-82c8-82330d9dce4f", "id": "CVE-2026-41845", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41845 is fixed in version 6.1.20-tuxcare.6 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:20e814ab-e013-579f-861d-1cf2ab7d2c9f", "id": "CVE-2026-41846", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41846 is fixed in version 6.1.20-tuxcare.6 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:4fae4061-389e-5477-be48-de4be7146069", "id": "CVE-2026-41848", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41848 is fixed in version 6.1.20-tuxcare.6 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:c1a418ad-2da9-5a50-a800-cf70eff69244", "id": "CVE-2026-41850", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41850 is fixed in version 6.1.20-tuxcare.6 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:7b683e08-fd3b-567f-bec7-9891a2f7c069", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 6.1.20-tuxcare.6 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:19159e52-b797-5e6b-8afd-44e3dc47e6ed", "id": "CVE-2026-41852", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41852 is fixed in version 6.1.20-tuxcare.6 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:f9a65479-1428-5a61-ae5f-31f18c2eee95", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 6.1.20-tuxcare.6 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:305cb271-9477-5000-bfcb-f6d97f772184", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 6.1.20-tuxcare.6 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.20-tuxcare.6" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.20-tuxcare.6" } ] }