{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:24fafe47-497a-58e5-a636-0075fccbaa60", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/framework-docs@6.1.21-tuxcare.6", "type": "library", "group": "org.springframework", "name": "framework-docs", "version": "6.1.21-tuxcare.6", "purl": "pkg:maven/org.springframework/framework-docs@6.1.21-tuxcare.6" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:9820445d-c149-502b-ac28-cc9af0521bf6", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 6.1.21-tuxcare.6 of org.springframework:framework-docs." }, "affects": [ { "ref": "pkg:maven/org.springframework/framework-docs@6.1.21-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:12a87004-2a2d-5d50-8e55-5c2713f64e72", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 6.1.21-tuxcare.6 of org.springframework:framework-docs." }, "affects": [ { "ref": "pkg:maven/org.springframework/framework-docs@6.1.21-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:c7effe43-f7b8-595e-aa82-1cad52a28212", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 6.1.21-tuxcare.6 of org.springframework:framework-docs." }, "affects": [ { "ref": "pkg:maven/org.springframework/framework-docs@6.1.21-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:993c946e-27b7-5c8b-b4ca-40e21a26f4a0", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 6.1.21-tuxcare.6 of org.springframework:framework-docs." }, "affects": [ { "ref": "pkg:maven/org.springframework/framework-docs@6.1.21-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:9fe08ef3-d53a-5d9f-9a39-f6358831c338", "id": "CVE-2026-22735", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22735 is fixed in version 6.1.21-tuxcare.6 of org.springframework:framework-docs." }, "affects": [ { "ref": "pkg:maven/org.springframework/framework-docs@6.1.21-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:569ef5ef-7269-5cc9-93da-a962f6f9a23b", "id": "CVE-2026-22737", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22737 is fixed in version 6.1.21-tuxcare.6 of org.springframework:framework-docs." }, "affects": [ { "ref": "pkg:maven/org.springframework/framework-docs@6.1.21-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:fc850c40-4abc-5653-8834-26b7c877390b", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 6.1.21-tuxcare.6 of org.springframework:framework-docs." }, "affects": [ { "ref": "pkg:maven/org.springframework/framework-docs@6.1.21-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:ca0b790a-4cdd-529f-afb8-05bf5d533f5f", "id": "CVE-2026-22741", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22741 is fixed in version 6.1.21-tuxcare.6 of org.springframework:framework-docs." }, "affects": [ { "ref": "pkg:maven/org.springframework/framework-docs@6.1.21-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:756022c7-afa5-5667-9bbe-05f142d104bb", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 6.1.21-tuxcare.6 of org.springframework:framework-docs." }, "affects": [ { "ref": "pkg:maven/org.springframework/framework-docs@6.1.21-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:bfccf008-5a50-55a6-b26f-2f9c4d2f56e9", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 6.1.21-tuxcare.6 of org.springframework:framework-docs." }, "affects": [ { "ref": "pkg:maven/org.springframework/framework-docs@6.1.21-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:e85c4e2f-dc05-582f-ba3a-418fbd2cd612", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 6.1.21-tuxcare.6 of org.springframework:framework-docs." }, "affects": [ { "ref": "pkg:maven/org.springframework/framework-docs@6.1.21-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:8c19f338-27cc-577a-a0e4-02d9a9e213f1", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 6.1.21-tuxcare.6 of org.springframework:framework-docs. already_fixed \u2014 The target repository (Spring Framework 6.1.21-tuxcare.6) already contains both upstream patches that address CVE-2026-41840. The fixes were previously applied as part of TuxCare backports for CVE-2026-22740 (commit d8aa04a97f, 2026-06-08) and memory leak fixes (commit e7c90921fd, 2026-04-29). Both doOnDiscard handlers are present in the current code, preventing resource exhaustion from multipa..." }, "affects": [ { "ref": "pkg:maven/org.springframework/framework-docs@6.1.21-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:df1fa146-6c50-5708-aec1-13ddff9acc3d", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 6.1.21-tuxcare.6 of org.springframework:framework-docs." }, "affects": [ { "ref": "pkg:maven/org.springframework/framework-docs@6.1.21-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:f7fd73c0-61d4-5169-b693-e1b33bc8f527", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 6.1.21-tuxcare.6 of org.springframework:framework-docs." }, "affects": [ { "ref": "pkg:maven/org.springframework/framework-docs@6.1.21-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:539c2174-d9ac-5b3e-bdb2-804d6be52c2f", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 6.1.21-tuxcare.6 of org.springframework:framework-docs." }, "affects": [ { "ref": "pkg:maven/org.springframework/framework-docs@6.1.21-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:230deae4-448d-5212-918a-42e4485e031c", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 6.1.21-tuxcare.6 of org.springframework:framework-docs." }, "affects": [ { "ref": "pkg:maven/org.springframework/framework-docs@6.1.21-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:42ec88f4-356c-5b86-a457-ea18bc20d2f9", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 6.1.21-tuxcare.6 of org.springframework:framework-docs." }, "affects": [ { "ref": "pkg:maven/org.springframework/framework-docs@6.1.21-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:c180a793-1fcc-5f9e-8006-e8a988ac31fc", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 6.1.21-tuxcare.6 of org.springframework:framework-docs." }, "affects": [ { "ref": "pkg:maven/org.springframework/framework-docs@6.1.21-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:e88a17c4-e5f7-5f1d-b60a-33885a9f6872", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 6.1.21-tuxcare.6 of org.springframework:framework-docs." }, "affects": [ { "ref": "pkg:maven/org.springframework/framework-docs@6.1.21-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:7940e0c1-8bcd-576d-a059-c74bb1433089", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 6.1.21-tuxcare.6 of org.springframework:framework-docs." }, "affects": [ { "ref": "pkg:maven/org.springframework/framework-docs@6.1.21-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:b14e052d-0eac-5d5a-9047-b891bf6f229d", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 6.1.21-tuxcare.6 of org.springframework:framework-docs." }, "affects": [ { "ref": "pkg:maven/org.springframework/framework-docs@6.1.21-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:d8a96b2e-c631-5e6b-a983-697d0f70240e", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 6.1.21-tuxcare.6 of org.springframework:framework-docs." }, "affects": [ { "ref": "pkg:maven/org.springframework/framework-docs@6.1.21-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:6ca2cbe3-e5bf-5efa-8ee6-82f2ec588eb3", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 6.1.21-tuxcare.6 of org.springframework:framework-docs." }, "affects": [ { "ref": "pkg:maven/org.springframework/framework-docs@6.1.21-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:5cbf0c18-b147-53fd-beb8-89829343e946", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 6.1.21-tuxcare.6 of org.springframework:framework-docs." }, "affects": [ { "ref": "pkg:maven/org.springframework/framework-docs@6.1.21-tuxcare.6" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/framework-docs@6.1.21-tuxcare.6" } ] }