{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:00f73f6f-4f35-5231-b739-0657ba12824b", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-webmvc@6.1.20-tuxcare.6", "type": "library", "group": "org.springframework", "name": "spring-webmvc", "version": "6.1.20-tuxcare.6", "purl": "pkg:maven/org.springframework/spring-webmvc@6.1.20-tuxcare.6" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:85f2fdb2-2985-55e3-a058-4c011310a006", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 6.1.20-tuxcare.6 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:711db537-5e4e-5a21-a6a7-ef3608472dc2", "id": "CVE-2025-41234", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41234 is fixed in version 6.1.20-tuxcare.6 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:ef0d5c2d-7d86-524e-84eb-0d94aedc750d", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 6.1.20-tuxcare.6 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:da0b9b81-5227-5f65-b034-a6c4ea5e69ff", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 6.1.20-tuxcare.6 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:3a6068a0-bda1-5244-8482-9f8e7fd3d2a8", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 6.1.20-tuxcare.6 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:024822fe-a5c4-532d-8b59-b2b6c054a578", "id": "CVE-2026-22735", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22735 is fixed in version 6.1.20-tuxcare.6 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:b30e9d8c-8455-5af8-922c-b3ed066a35a7", "id": "CVE-2026-22737", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22737 is fixed in version 6.1.20-tuxcare.6 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:b6da2f18-2640-55cb-8cb9-6aa5297057e2", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 6.1.20-tuxcare.6 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:ba4b68f9-784a-553e-85a2-f000a6e29c03", "id": "CVE-2026-22741", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22741 is fixed in version 6.1.20-tuxcare.6 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:37ec3330-e801-5de0-b55a-1a2163ad577b", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 6.1.20-tuxcare.6 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:89ab05bb-3053-5824-bd88-f66826541527", "id": "CVE-2026-41838", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41838 is fixed in version 6.1.20-tuxcare.6 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:1c807707-c7e3-5114-9e50-d7ff027c81e7", "id": "CVE-2026-41839", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41839 is fixed in version 6.1.20-tuxcare.6 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:3c2e16dc-f456-556f-bdd3-b9c153abef30", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 6.1.20-tuxcare.6 of org.springframework:spring-webmvc. already_fixed \u2014 Spring Framework 6.1.20-tuxcare.4 already contains both doOnDiscard handlers that prevent the multipart memory leak vulnerability. The fixes were applied via TuxCare backport commit a6b78f2a1c on May 19, 2026 under CVE-2026-22740, which appears to be the same or closely related vulnerability as CVE-2026-41840." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:bf47523e-4e24-5d21-8209-fdf941eb7dd9", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 6.1.20-tuxcare.6 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:4c09f7f4-2c9d-52c5-8e5c-a37b92d9871b", "id": "CVE-2026-41842", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41842 is fixed in version 6.1.20-tuxcare.6 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:64d3949e-436c-5570-9204-80d77f334e7f", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 6.1.20-tuxcare.6 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:47930faa-0b4e-5a6b-b396-77ba03599ba7", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 6.1.20-tuxcare.6 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:cc952712-59ed-53ca-ac5e-a14531e2d849", "id": "CVE-2026-41845", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41845 is fixed in version 6.1.20-tuxcare.6 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:abb5e6a4-0c4a-50ba-9165-46a6ab26e102", "id": "CVE-2026-41846", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41846 is fixed in version 6.1.20-tuxcare.6 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:c6061742-6d62-57f6-9b0e-ce0477510c6c", "id": "CVE-2026-41848", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41848 is fixed in version 6.1.20-tuxcare.6 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:7e505ffe-a754-5c60-bdec-53d01435a931", "id": "CVE-2026-41850", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41850 is fixed in version 6.1.20-tuxcare.6 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:10ef437c-afa7-536c-9128-d248cecccb58", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 6.1.20-tuxcare.6 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:0fed27a0-7126-5253-9da8-1f11e5f52b21", "id": "CVE-2026-41852", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41852 is fixed in version 6.1.20-tuxcare.6 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:e0122b45-78e7-5995-a02d-0fba33507085", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 6.1.20-tuxcare.6 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:2f77915c-54d2-5197-9910-7e4afc9a520a", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 6.1.20-tuxcare.6 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@6.1.20-tuxcare.6" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@6.1.20-tuxcare.6" } ] }