{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:a08822ce-3455-539f-a852-70d35c791a02", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-aop@6.1.20-tuxcare.2", "type": "library", "group": "org.springframework", "name": "spring-aop", "version": "6.1.20-tuxcare.2", "purl": "pkg:maven/org.springframework/spring-aop@6.1.20-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:a6f7c49b-826d-58d4-8ce4-0274ed8e5955", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 6.1.20-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@6.1.20-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6948b152-6467-5d00-85f2-15d9eb452c7c", "id": "CVE-2025-41234", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41234 is fixed in version 6.1.20-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@6.1.20-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:93fff50f-7821-5848-9ec6-87cb8895feba", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 6.1.20-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@6.1.20-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4dc2a2dc-7cb9-5039-ab54-f84ad923a938", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 6.1.20-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@6.1.20-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c2cee42e-40dc-52f4-ab69-bf172fa2264e", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 6.1.20-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@6.1.20-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e59c28e7-6ee9-5951-afd9-455c6925634d", "id": "CVE-2026-22735", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22735 is fixed in version 6.1.20-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@6.1.20-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1e65f86c-fa5a-54d7-9ea0-e1773c20fed2", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 6.1.20-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@6.1.20-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:186db353-e709-5dcd-b2da-a52abe57a523", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 6.1.20-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@6.1.20-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1e9161f6-8d71-587b-9c66-4ca08d1a5c49", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 6.1.20-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@6.1.20-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4882b0f1-06c0-5f53-856c-8f981d9d99c7", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 6.1.20-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@6.1.20-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7ac0aaa2-1bcb-51e4-9e37-35d99544f379", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 6.1.20-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@6.1.20-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ef0b8ef8-39f8-5256-94a8-f3870f37c14f", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 6.1.20-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@6.1.20-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:de863667-f709-5644-a844-3fb6fa86973c", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 6.1.20-tuxcare.2 of org.springframework:spring-aop. already_fixed \u2014 Spring Framework 6.1.20-tuxcare.4 already contains both doOnDiscard handlers that prevent the multipart memory leak vulnerability. The fixes were applied via TuxCare backport commit a6b78f2a1c on May 19, 2026 under CVE-2026-22740, which appears to be the same or closely related vulnerability as CVE-2026-41840." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@6.1.20-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:97945c2e-ef9b-5686-813f-bdd47dbefb6f", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 6.1.20-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@6.1.20-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6fcfe949-3820-5b0e-bfaf-b67ff36b5172", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 6.1.20-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@6.1.20-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:283261a4-5a66-55cf-b095-337805288dc5", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 6.1.20-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@6.1.20-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:26adf9bd-5f0f-543c-a289-b1a7690797f5", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 6.1.20-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@6.1.20-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ace9ce8f-5988-580e-a197-31da9a5ecab8", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 6.1.20-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@6.1.20-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:47d92dd5-5358-564b-8612-116ec9229676", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 6.1.20-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@6.1.20-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a338ed75-b847-59b7-9d5c-5bbd1e68af01", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 6.1.20-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@6.1.20-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:88495ee4-2150-5dbb-8141-0203b216822c", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 6.1.20-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@6.1.20-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:12aa0a5d-5a48-5e6a-9427-54742ee05b92", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 6.1.20-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@6.1.20-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d8c14a61-1bd2-54cd-9187-9cae4d5f67bd", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 6.1.20-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@6.1.20-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:bb6e62f6-05ca-5991-8e4b-09e0ba418f6e", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 6.1.20-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@6.1.20-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a9f684ba-8d2d-5426-b5f9-a8a61ce57d9a", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 6.1.20-tuxcare.2 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@6.1.20-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-aop@6.1.20-tuxcare.2" } ] }