{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:c40b38f9-d2df-526e-ada3-03101e6b6ba9", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-aspects@6.1.21-tuxcare.5", "type": "library", "group": "org.springframework", "name": "spring-aspects", "version": "6.1.21-tuxcare.5", "purl": "pkg:maven/org.springframework/spring-aspects@6.1.21-tuxcare.5" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:33e7b1f9-5b48-5973-9e75-5e74507c9856", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 6.1.21-tuxcare.5 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@6.1.21-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:c71358d5-9a78-5f77-a70d-f812e72bc6cc", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 6.1.21-tuxcare.5 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@6.1.21-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:bdda9d43-5e6a-547d-89f5-dd41a0be8bf7", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 6.1.21-tuxcare.5 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@6.1.21-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:e3d26379-0be7-5098-a177-64885b829bc0", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 6.1.21-tuxcare.5 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@6.1.21-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:098ad5f5-ec52-5fa5-a0b6-c914018d7444", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 6.1.21-tuxcare.5 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@6.1.21-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:18d995ad-b5b7-5262-9f45-ec7b8f5234eb", "id": "CVE-2026-22737", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22737 is fixed in version 6.1.21-tuxcare.5 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@6.1.21-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:672d2b70-237e-5786-acb7-7dbd4e33ff00", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 6.1.21-tuxcare.5 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@6.1.21-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:7a495291-ea0c-5eb6-85b8-df5e267c15d9", "id": "CVE-2026-22741", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22741 is fixed in version 6.1.21-tuxcare.5 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@6.1.21-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:1388860c-f45f-5316-9ad5-fc4b75dc2d0a", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 6.1.21-tuxcare.5 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@6.1.21-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:897b65bc-c37a-5067-a6a4-de113e74ef46", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 6.1.21-tuxcare.5 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@6.1.21-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:36da4b67-ff43-56c4-bf61-eb7ad837fc2b", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 6.1.21-tuxcare.5 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@6.1.21-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:59d6ac1e-8cf4-5b0f-aa38-76088c4e1e23", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 6.1.21-tuxcare.5 of org.springframework:spring-aspects. already_fixed \u2014 The target repository (Spring Framework 6.1.21-tuxcare.6) already contains both upstream patches that address CVE-2026-41840. The fixes were previously applied as part of TuxCare backports for CVE-2026-22740 (commit d8aa04a97f, 2026-06-08) and memory leak fixes (commit e7c90921fd, 2026-04-29). Both doOnDiscard handlers are present in the current code, preventing resource exhaustion from multipa..." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@6.1.21-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:58876052-c435-5d7b-af4b-7c2a898e36d8", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 6.1.21-tuxcare.5 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@6.1.21-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:b60f00ea-b3c7-5c81-9e07-abc3924f1c04", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 6.1.21-tuxcare.5 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@6.1.21-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:e0649f33-f548-5b54-832b-e77a97e88a02", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 6.1.21-tuxcare.5 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@6.1.21-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:dcb0e518-a462-5f78-89a7-b417ec01110b", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 6.1.21-tuxcare.5 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@6.1.21-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:af5687ee-a61f-591c-8552-8d666091fb7c", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 6.1.21-tuxcare.5 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@6.1.21-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:1d32f711-e6a2-59f9-8a95-e22c79cbfc2c", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 6.1.21-tuxcare.5 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@6.1.21-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:ecdb4524-de75-5f4c-b3da-b187295332ee", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 6.1.21-tuxcare.5 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@6.1.21-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:3f15678d-8b63-5d56-be77-5ca980ac6af4", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 6.1.21-tuxcare.5 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@6.1.21-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:485c360e-f69a-559d-afb7-50182a5e699b", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 6.1.21-tuxcare.5 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@6.1.21-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:c7d9ce3a-6f1a-57c5-b2e4-54ae96451aa1", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 6.1.21-tuxcare.5 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@6.1.21-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:c7150887-4492-573b-9a6d-117364b7345a", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 6.1.21-tuxcare.5 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@6.1.21-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:81df7ca9-bb51-52c6-b7a1-ced607475248", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 6.1.21-tuxcare.5 of org.springframework:spring-aspects." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-aspects@6.1.21-tuxcare.5" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-aspects@6.1.21-tuxcare.5" } ] }