{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:70276707-f596-5030-86b1-aef555e52dac", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-beans@6.1.21-tuxcare.1", "type": "library", "group": "org.springframework", "name": "spring-beans", "version": "6.1.21-tuxcare.1", "purl": "pkg:maven/org.springframework/spring-beans@6.1.21-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:df669278-20ca-5e8a-b650-1265b531f2d8", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 6.1.21-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:173ea07a-ecfe-5861-8541-fe013d1fc0fd", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 6.1.21-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e95d2c5c-1083-5f88-8352-96e843ceae3e", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 6.1.21-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:49ea03ef-2357-51af-a0c4-b5f013b17561", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 6.1.21-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:26e5a57b-3435-599d-be79-86ab12857428", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 6.1.21-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a1c6799f-5b38-5951-be65-e60a97da66e4", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 6.1.21-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b27501d0-558a-59dc-bf89-8b24421a8748", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 6.1.21-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:de548725-e0de-563d-8d1b-e516302e4939", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 6.1.21-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:067d7133-fbd6-589c-9a85-d1fe5a724d0c", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 6.1.21-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:928925fa-c105-5325-870b-534466170c9e", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 6.1.21-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:66f9d24a-81e7-5de7-a535-67d06150b2e7", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 6.1.21-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:cd6786dc-a71d-5d30-8a10-ba06d3b57f67", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 6.1.21-tuxcare.1 of org.springframework:spring-beans. already_fixed \u2014 The target repository (Spring Framework 6.1.21-tuxcare.6) already contains both upstream patches that address CVE-2026-41840. The fixes were previously applied as part of TuxCare backports for CVE-2026-22740 (commit d8aa04a97f, 2026-06-08) and memory leak fixes (commit e7c90921fd, 2026-04-29). Both doOnDiscard handlers are present in the current code, preventing resource exhaustion from multipa..." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:39c0766b-ee2e-5641-aa28-f2d9e8feeace", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 6.1.21-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1d2519b0-6e00-5ad3-8bba-ad82ecf0a00b", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 6.1.21-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:91a0c58e-f7c0-56b2-8516-65f3e668faed", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 6.1.21-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ee846888-7f94-5187-a6b4-23e135ac76a9", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 6.1.21-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:32338108-065d-5ec2-8968-68096ff2871b", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 6.1.21-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d228c7b4-9b67-5a4e-9da5-161e8ac3f2b9", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 6.1.21-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d1f42f43-bb1b-53c9-b05d-c1483a8c1790", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 6.1.21-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:45b37b5c-d543-52ed-85da-075dbdcf4a2d", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 6.1.21-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0956c44d-f915-52bf-85a0-18a32325490d", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 6.1.21-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c67a9187-cbcd-5e20-8e56-c1d62cc58361", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 6.1.21-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9af62e91-75b4-5fbc-ad6d-382f4c1f4215", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 6.1.21-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c80a9257-4c33-59ec-9656-2d21a6b05043", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 6.1.21-tuxcare.1 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@6.1.21-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-beans@6.1.21-tuxcare.1" } ] }