{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:ca7d05a6-d46c-5b91-89bc-669b47d39055", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-context-indexer@6.1.20-tuxcare.4", "type": "library", "group": "org.springframework", "name": "spring-context-indexer", "version": "6.1.20-tuxcare.4", "purl": "pkg:maven/org.springframework/spring-context-indexer@6.1.20-tuxcare.4" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:6f47ffe4-6486-5bdd-ac29-8a30fa59394e", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 6.1.20-tuxcare.4 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@6.1.20-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b38dfef0-d2c1-5ebd-8a76-5f99bb25e5cd", "id": "CVE-2025-41234", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41234 is fixed in version 6.1.20-tuxcare.4 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@6.1.20-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ad518453-a9e0-502e-b690-ce5198f12a00", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 6.1.20-tuxcare.4 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@6.1.20-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:4ca119e7-20d4-5194-a810-112fe5efa8c1", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 6.1.20-tuxcare.4 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@6.1.20-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d9317b84-90b0-5dda-b09e-35fe419267dc", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 6.1.20-tuxcare.4 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@6.1.20-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ff6ed2f6-5be8-5b1c-b0d5-906888a0131c", "id": "CVE-2026-22735", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22735 is fixed in version 6.1.20-tuxcare.4 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@6.1.20-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:3ec20aba-9c22-56db-92e3-dfe7783a3423", "id": "CVE-2026-22737", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22737 is fixed in version 6.1.20-tuxcare.4 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@6.1.20-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:6312562a-ec36-5ad1-bad9-2c340dd3000f", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 6.1.20-tuxcare.4 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@6.1.20-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:263a55f3-a797-5562-b514-3d0a1f16b67d", "id": "CVE-2026-22741", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22741 is fixed in version 6.1.20-tuxcare.4 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@6.1.20-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e3eeea83-59ec-51ae-912f-a07caef8a241", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 6.1.20-tuxcare.4 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@6.1.20-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:114d9104-3e37-5828-80a2-77eff502fece", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 6.1.20-tuxcare.4 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@6.1.20-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d187406c-735b-57c3-8c0d-4c35e0c4babc", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 6.1.20-tuxcare.4 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@6.1.20-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:42a69aa0-72c0-5e8c-9c99-f9e86cf9526f", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 6.1.20-tuxcare.4 of org.springframework:spring-context-indexer. already_fixed \u2014 Spring Framework 6.1.20-tuxcare.4 already contains both doOnDiscard handlers that prevent the multipart memory leak vulnerability. The fixes were applied via TuxCare backport commit a6b78f2a1c on May 19, 2026 under CVE-2026-22740, which appears to be the same or closely related vulnerability as CVE-2026-41840." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@6.1.20-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:2942c40b-a4d6-56d3-ade9-01a70756c48e", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 6.1.20-tuxcare.4 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@6.1.20-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e3f9c89c-9131-516f-b045-f0490a62f0c4", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 6.1.20-tuxcare.4 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@6.1.20-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:6360eda9-95a8-509e-b81c-4ba90e68471b", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 6.1.20-tuxcare.4 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@6.1.20-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:6de58304-a92a-56e5-9951-3c9c9f5ac74f", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 6.1.20-tuxcare.4 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@6.1.20-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:706ded67-8055-548f-8683-fd6c787a2cb2", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 6.1.20-tuxcare.4 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@6.1.20-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:85d7ffcd-0db0-51c6-b0f0-adfc8bf970f9", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 6.1.20-tuxcare.4 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@6.1.20-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:f37bb8cd-3c2e-5256-8e39-06dd81f3e69e", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 6.1.20-tuxcare.4 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@6.1.20-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:f6bcc7ab-7623-52ba-9910-ee6e60f409b5", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 6.1.20-tuxcare.4 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@6.1.20-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:499a3ba7-49a7-5b1b-bcf9-b109a3e8d7b2", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 6.1.20-tuxcare.4 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@6.1.20-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:eaf55b23-c62e-526f-99f9-f6cb05b032be", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 6.1.20-tuxcare.4 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@6.1.20-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a5e57459-7cb5-59d6-a061-ed00597619d0", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 6.1.20-tuxcare.4 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@6.1.20-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:2c59e4de-133f-589e-8b00-f54ab796309e", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 6.1.20-tuxcare.4 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@6.1.20-tuxcare.4" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@6.1.20-tuxcare.4" } ] }