{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:e68b237a-edfb-5cf1-9520-e95839b27e86", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-aop@6.1.21-tuxcare.5", "type": "library", "group": "org.springframework", "name": "spring-aop", "version": "6.1.21-tuxcare.5", "purl": "pkg:maven/org.springframework/spring-aop@6.1.21-tuxcare.5" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:8d706b42-b9f3-5840-a5a4-90e15e9bbf67", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 6.1.21-tuxcare.5 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@6.1.21-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:118e2b9b-b620-51f3-bee6-ac1d00e60d92", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 6.1.21-tuxcare.5 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@6.1.21-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:3508d513-168c-5546-9d02-8bad6ed76b89", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 6.1.21-tuxcare.5 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@6.1.21-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:1c690b74-e632-5b9e-8ed3-3c711c2090fc", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 6.1.21-tuxcare.5 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@6.1.21-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:a058dba5-6a8b-5681-9ee7-f5eed3f2a1ff", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 6.1.21-tuxcare.5 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@6.1.21-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:29830a16-0dbe-5be8-9bb9-f7871d3ee596", "id": "CVE-2026-22737", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22737 is fixed in version 6.1.21-tuxcare.5 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@6.1.21-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:ebb55b12-9d49-54c6-aa62-f5f171e5a93f", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 6.1.21-tuxcare.5 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@6.1.21-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:cd3c6865-6912-5b8a-ac83-89bd3e89b18c", "id": "CVE-2026-22741", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22741 is fixed in version 6.1.21-tuxcare.5 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@6.1.21-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:9d8c9a02-9d52-535f-af23-1fbeb8f69b1e", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 6.1.21-tuxcare.5 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@6.1.21-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:b0ca3ad4-ffd2-5b6e-b409-440bf31e919a", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 6.1.21-tuxcare.5 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@6.1.21-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:180e40fb-178d-5e75-95f2-c7e4fc5a8d8f", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 6.1.21-tuxcare.5 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@6.1.21-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:7e9ffd8c-7a6e-5c0c-aed0-b362d4a84cc4", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 6.1.21-tuxcare.5 of org.springframework:spring-aop. already_fixed \u2014 The target repository (Spring Framework 6.1.21-tuxcare.6) already contains both upstream patches that address CVE-2026-41840. The fixes were previously applied as part of TuxCare backports for CVE-2026-22740 (commit d8aa04a97f, 2026-06-08) and memory leak fixes (commit e7c90921fd, 2026-04-29). Both doOnDiscard handlers are present in the current code, preventing resource exhaustion from multipa..." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@6.1.21-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:a54f407e-5e3c-5c85-aedb-8c99603dac62", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 6.1.21-tuxcare.5 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@6.1.21-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:25aecc77-64a7-5af9-b881-f943827f4e0a", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 6.1.21-tuxcare.5 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@6.1.21-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:ce3b672f-c38b-5efc-9919-4667edfaa9ad", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 6.1.21-tuxcare.5 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@6.1.21-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:595be37e-56f3-5de0-85fa-b71fb78c7e13", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 6.1.21-tuxcare.5 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@6.1.21-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:87c14e6c-69b4-5a7e-a5db-a1b0e4d21771", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 6.1.21-tuxcare.5 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@6.1.21-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:2a09f873-1c35-5416-bca9-05e61c6390e0", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 6.1.21-tuxcare.5 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@6.1.21-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:4a2ec3f9-7df9-55ea-8b5f-bfde37888ca8", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 6.1.21-tuxcare.5 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@6.1.21-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:36f4ba2d-921f-5b53-9e5c-e197138733e0", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 6.1.21-tuxcare.5 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@6.1.21-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:e1d4c4fb-a923-5f82-a090-b60ebe1fa557", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 6.1.21-tuxcare.5 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@6.1.21-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:d0377543-3fb8-5ef6-aa2b-1fe5a00d902e", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 6.1.21-tuxcare.5 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@6.1.21-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:f152f6e7-b33c-5168-8c5a-d02d0f7607ae", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 6.1.21-tuxcare.5 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@6.1.21-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:07a89941-d13a-5948-945b-c9a1e680086b", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 6.1.21-tuxcare.5 of org.springframework:spring-aop." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aop@6.1.21-tuxcare.5" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-aop@6.1.21-tuxcare.5" } ] }