{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:5e6ea0a0-c4b5-5d61-ba2e-019edae158b7", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-aspects@6.1.20-tuxcare.3", "type": "library", "group": "org.springframework", "name": "spring-aspects", "version": "6.1.20-tuxcare.3", "purl": "pkg:maven/org.springframework/spring-aspects@6.1.20-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:1e15910c-a607-503c-a95f-2d5713d16dd2", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 6.1.20-tuxcare.3 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@6.1.20-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f4edf3a3-c89b-5206-9a5c-c7b29c06f6e1", "id": "CVE-2025-41234", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41234 is fixed in version 6.1.20-tuxcare.3 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@6.1.20-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:58d5287f-a6f0-5976-8e77-a4b411f4d3ec", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 6.1.20-tuxcare.3 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@6.1.20-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:35563f2f-1d43-50fc-a3d0-74ea78eaf821", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 6.1.20-tuxcare.3 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@6.1.20-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9479a26c-17f5-55bb-985c-d5c660f2010a", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 6.1.20-tuxcare.3 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@6.1.20-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1bf0e8ca-39c1-5882-ad55-f8a0a0873224", "id": "CVE-2026-22735", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22735 is fixed in version 6.1.20-tuxcare.3 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@6.1.20-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1e571ae4-b98d-5166-9630-aa22ce32f502", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 6.1.20-tuxcare.3 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@6.1.20-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c385d1c5-2921-5002-8bc5-17381064f5e9", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 6.1.20-tuxcare.3 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@6.1.20-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:08857668-5b0c-57eb-8af9-eb591608f29a", "id": "CVE-2026-22741", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22741 is fixed in version 6.1.20-tuxcare.3 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@6.1.20-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:7a410572-2dc8-535a-8609-6f6c4feb4bc6", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 6.1.20-tuxcare.3 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@6.1.20-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:0c7516cd-3802-51d4-aeb1-c814a84d7f11", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 6.1.20-tuxcare.3 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@6.1.20-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:43fefec1-897f-5782-a970-5393388df07f", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 6.1.20-tuxcare.3 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@6.1.20-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a1301668-8a06-5011-92bc-831d67043da0", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 6.1.20-tuxcare.3 of org.springframework:spring-aspects. already_fixed \u2014 Spring Framework 6.1.20-tuxcare.4 already contains both doOnDiscard handlers that prevent the multipart memory leak vulnerability. The fixes were applied via TuxCare backport commit a6b78f2a1c on May 19, 2026 under CVE-2026-22740, which appears to be the same or closely related vulnerability as CVE-2026-41840." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@6.1.20-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:727bf90e-8d11-53e3-bb44-9eac82a9b165", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 6.1.20-tuxcare.3 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@6.1.20-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:da7c716c-69b7-56f0-b7fe-460b1ed6d569", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 6.1.20-tuxcare.3 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@6.1.20-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3766e2cb-7ecd-57ac-8cda-c4d53090f766", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 6.1.20-tuxcare.3 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@6.1.20-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d1985c55-ff53-5d41-985d-51088a3d4e9c", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 6.1.20-tuxcare.3 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@6.1.20-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:23d41066-f043-50bf-9827-5d698ef447b3", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 6.1.20-tuxcare.3 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@6.1.20-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:782622a1-9095-58a9-b5a3-4d45ba28daff", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 6.1.20-tuxcare.3 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@6.1.20-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:602d5059-d605-5394-b851-71a4c73e27e1", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 6.1.20-tuxcare.3 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@6.1.20-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5ddf2771-5f8c-5ca3-aaac-933429db46be", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 6.1.20-tuxcare.3 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@6.1.20-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:57c28e76-a261-5efc-b3dc-624b7481199b", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 6.1.20-tuxcare.3 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@6.1.20-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:560310b7-01ac-54c8-9886-d67c0e921585", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 6.1.20-tuxcare.3 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@6.1.20-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2fdcbb42-d7e5-5305-9cad-8929222ac790", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 6.1.20-tuxcare.3 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@6.1.20-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b4d290f2-7d61-5ef1-939b-cc80024216b4", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 6.1.20-tuxcare.3 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@6.1.20-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-aspects@6.1.20-tuxcare.3" } ] }