{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:a72d4f23-1fc8-55ce-aa3f-d94da9d0e60e", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/framework-docs@6.1.21-tuxcare.1", "type": "library", "group": "org.springframework", "name": "framework-docs", "version": "6.1.21-tuxcare.1", "purl": "pkg:maven/org.springframework/framework-docs@6.1.21-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:1df0f426-b8b6-5b50-88b8-edbab24c96ea", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 6.1.21-tuxcare.1 of org.springframework:framework-docs." }, "affects": [ { "ref": "pkg:maven/org.springframework/framework-docs@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6cf68d94-f28e-5336-9d2a-35115f98b855", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 6.1.21-tuxcare.1 of org.springframework:framework-docs." }, "affects": [ { "ref": "pkg:maven/org.springframework/framework-docs@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c17efca8-a8d7-5d35-ba25-0bbf3b1495c2", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 6.1.21-tuxcare.1 of org.springframework:framework-docs." }, "affects": [ { "ref": "pkg:maven/org.springframework/framework-docs@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:70c334bb-bc20-5674-ac1e-2a4c11555c9f", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 6.1.21-tuxcare.1 of org.springframework:framework-docs." }, "affects": [ { "ref": "pkg:maven/org.springframework/framework-docs@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3b388257-6de1-5c4c-95e3-5cfd6ff3f70b", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 6.1.21-tuxcare.1 of org.springframework:framework-docs." }, "affects": [ { "ref": "pkg:maven/org.springframework/framework-docs@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:33e34988-4a04-58c5-9c1b-426ba79f85dd", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 6.1.21-tuxcare.1 of org.springframework:framework-docs." }, "affects": [ { "ref": "pkg:maven/org.springframework/framework-docs@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0839b4b6-0a6a-55a6-82dd-c2b40f30d645", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 6.1.21-tuxcare.1 of org.springframework:framework-docs." }, "affects": [ { "ref": "pkg:maven/org.springframework/framework-docs@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c445aff4-93b8-5ab4-a825-1384b7761c2e", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 6.1.21-tuxcare.1 of org.springframework:framework-docs." }, "affects": [ { "ref": "pkg:maven/org.springframework/framework-docs@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d14ee99d-516d-5fd9-a074-e3671e9fb49a", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 6.1.21-tuxcare.1 of org.springframework:framework-docs." }, "affects": [ { "ref": "pkg:maven/org.springframework/framework-docs@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8b8bb4e6-c6ec-5620-8208-42397d8c37c9", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 6.1.21-tuxcare.1 of org.springframework:framework-docs." }, "affects": [ { "ref": "pkg:maven/org.springframework/framework-docs@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e142cf47-fdec-5d42-a5c8-66ba95119245", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 6.1.21-tuxcare.1 of org.springframework:framework-docs." }, "affects": [ { "ref": "pkg:maven/org.springframework/framework-docs@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:40b272d5-22fe-52c3-9283-7bec7e155ac9", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 6.1.21-tuxcare.1 of org.springframework:framework-docs. already_fixed \u2014 The target repository (Spring Framework 6.1.21-tuxcare.6) already contains both upstream patches that address CVE-2026-41840. The fixes were previously applied as part of TuxCare backports for CVE-2026-22740 (commit d8aa04a97f, 2026-06-08) and memory leak fixes (commit e7c90921fd, 2026-04-29). Both doOnDiscard handlers are present in the current code, preventing resource exhaustion from multipa..." }, "affects": [ { "ref": "pkg:maven/org.springframework/framework-docs@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:295aa959-5933-5db1-8a06-f9482501548f", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 6.1.21-tuxcare.1 of org.springframework:framework-docs." }, "affects": [ { "ref": "pkg:maven/org.springframework/framework-docs@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:75ad7654-3b49-5fbc-8d05-959a75eca69f", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 6.1.21-tuxcare.1 of org.springframework:framework-docs." }, "affects": [ { "ref": "pkg:maven/org.springframework/framework-docs@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2691c8fd-b728-510f-b60b-5a8adbbb911f", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 6.1.21-tuxcare.1 of org.springframework:framework-docs." }, "affects": [ { "ref": "pkg:maven/org.springframework/framework-docs@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:368d2bc3-1d80-5f1b-a17b-d852b4f61378", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 6.1.21-tuxcare.1 of org.springframework:framework-docs." }, "affects": [ { "ref": "pkg:maven/org.springframework/framework-docs@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4748749d-e7c1-552b-ab3a-7af25ba34e80", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 6.1.21-tuxcare.1 of org.springframework:framework-docs." }, "affects": [ { "ref": "pkg:maven/org.springframework/framework-docs@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8f39b5e7-2e2d-52aa-a547-abc70274f610", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 6.1.21-tuxcare.1 of org.springframework:framework-docs." }, "affects": [ { "ref": "pkg:maven/org.springframework/framework-docs@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:73cdf318-692a-5779-a7d7-860441548b86", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 6.1.21-tuxcare.1 of org.springframework:framework-docs." }, "affects": [ { "ref": "pkg:maven/org.springframework/framework-docs@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0122681d-a814-5d0a-bbb4-b8998ffe2ab5", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 6.1.21-tuxcare.1 of org.springframework:framework-docs." }, "affects": [ { "ref": "pkg:maven/org.springframework/framework-docs@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:084edd88-0ec0-56f5-8f79-9fe03192ea48", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 6.1.21-tuxcare.1 of org.springframework:framework-docs." }, "affects": [ { "ref": "pkg:maven/org.springframework/framework-docs@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d24c1ab5-8625-5cf9-b8c8-8d0075a338df", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 6.1.21-tuxcare.1 of org.springframework:framework-docs." }, "affects": [ { "ref": "pkg:maven/org.springframework/framework-docs@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:087b8841-8e93-571d-b31e-f2bda6db67fe", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 6.1.21-tuxcare.1 of org.springframework:framework-docs." }, "affects": [ { "ref": "pkg:maven/org.springframework/framework-docs@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:329525fc-d4d0-59b4-a347-14303d84472b", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 6.1.21-tuxcare.1 of org.springframework:framework-docs." }, "affects": [ { "ref": "pkg:maven/org.springframework/framework-docs@6.1.21-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/framework-docs@6.1.21-tuxcare.1" } ] }