{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:675a8664-beb6-5e86-a69f-7ee9e8a2bc7d", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-beans@6.1.21-tuxcare.6", "type": "library", "group": "org.springframework", "name": "spring-beans", "version": "6.1.21-tuxcare.6", "purl": "pkg:maven/org.springframework/spring-beans@6.1.21-tuxcare.6" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:abd44cdd-c964-5888-a87d-e169717dce64", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 6.1.21-tuxcare.6 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@6.1.21-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:9622413f-d03a-52e6-a3d2-403cc77bafae", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 6.1.21-tuxcare.6 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@6.1.21-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:4941cdbc-9d0b-571d-9813-589422d72e61", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 6.1.21-tuxcare.6 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@6.1.21-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:37fb46a7-0d87-5e21-8815-07328afd22b0", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 6.1.21-tuxcare.6 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@6.1.21-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:5e9464d9-a3c7-5f7b-956d-192c7418b572", "id": "CVE-2026-22735", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22735 is fixed in version 6.1.21-tuxcare.6 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@6.1.21-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:7792bc23-6bac-5939-80ba-23cff282dbb5", "id": "CVE-2026-22737", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22737 is fixed in version 6.1.21-tuxcare.6 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@6.1.21-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:b755adea-c582-569d-8d57-f1316d9b2f4d", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 6.1.21-tuxcare.6 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@6.1.21-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:7ff8788d-5fd3-54bc-b557-6d06784523d5", "id": "CVE-2026-22741", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22741 is fixed in version 6.1.21-tuxcare.6 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@6.1.21-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:c64cb170-ca6d-58ef-a097-b53feb1a6d3b", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 6.1.21-tuxcare.6 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@6.1.21-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:1fabcf7c-9d4b-5f45-8a36-50ab1f0aecac", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 6.1.21-tuxcare.6 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@6.1.21-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:8973020a-c498-5b29-b134-d1b023fb08eb", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 6.1.21-tuxcare.6 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@6.1.21-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:ae607237-9077-5b64-a3d5-69457d2a9805", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 6.1.21-tuxcare.6 of org.springframework:spring-beans. already_fixed \u2014 The target repository (Spring Framework 6.1.21-tuxcare.6) already contains both upstream patches that address CVE-2026-41840. The fixes were previously applied as part of TuxCare backports for CVE-2026-22740 (commit d8aa04a97f, 2026-06-08) and memory leak fixes (commit e7c90921fd, 2026-04-29). Both doOnDiscard handlers are present in the current code, preventing resource exhaustion from multipa..." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@6.1.21-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:3e24a841-3add-5d84-89fb-6419db57191e", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 6.1.21-tuxcare.6 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@6.1.21-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:cb9f92c7-b435-5792-bf84-ff0f3476cf96", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 6.1.21-tuxcare.6 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@6.1.21-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:cd705f57-b58c-5712-8ac4-205cd6972bed", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 6.1.21-tuxcare.6 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@6.1.21-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:561de65e-e0ef-5b51-9b6b-a749d6ab42cb", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 6.1.21-tuxcare.6 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@6.1.21-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:6220e733-dde7-5194-9f09-6fe26cb7e24d", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 6.1.21-tuxcare.6 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@6.1.21-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:c4911d07-866c-5cd0-aa52-48f9a6752cb6", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 6.1.21-tuxcare.6 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@6.1.21-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:6b624dca-c044-5ffe-b57b-16f2496e96bf", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 6.1.21-tuxcare.6 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@6.1.21-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:cc6f0f0b-4f89-579e-89d3-323748d96271", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 6.1.21-tuxcare.6 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@6.1.21-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:916810b0-d26c-5aff-a31c-d459f1806dbb", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 6.1.21-tuxcare.6 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@6.1.21-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:c2993774-3ddb-5b09-8bd2-f9c2489a5862", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 6.1.21-tuxcare.6 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@6.1.21-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:73df4c6a-ecc0-54cc-b325-426d7e19fde1", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 6.1.21-tuxcare.6 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@6.1.21-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:8cafaf1c-1614-5f39-8c56-fd025a353567", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 6.1.21-tuxcare.6 of org.springframework:spring-beans." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-beans@6.1.21-tuxcare.6" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-beans@6.1.21-tuxcare.6" } ] }