{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:7fd9476d-e85c-5bd8-9985-9403b9e4a895", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-context-indexer@6.1.21-tuxcare.1", "type": "library", "group": "org.springframework", "name": "spring-context-indexer", "version": "6.1.21-tuxcare.1", "purl": "pkg:maven/org.springframework/spring-context-indexer@6.1.21-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:3a368956-adfb-5f0c-b83f-01800ccb2bb5", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 6.1.21-tuxcare.1 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:bfecb983-efa3-5675-bf50-6a295e80131f", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 6.1.21-tuxcare.1 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:eb1453e9-5811-5d21-9ade-710abb8d9dae", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 6.1.21-tuxcare.1 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9b9c6fe9-0577-5b68-8777-a81e9f1eba62", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 6.1.21-tuxcare.1 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3cfb4253-9f88-5e56-885a-5fa483586929", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 6.1.21-tuxcare.1 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:79831890-03e1-5cbf-8b29-691ed20134a9", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 6.1.21-tuxcare.1 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:bcc5cb9e-5583-501a-bb95-308f0e3f630d", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 6.1.21-tuxcare.1 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7036f7a9-4a43-5115-8483-afed3999947c", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 6.1.21-tuxcare.1 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2950fcbf-08b3-57df-9ce7-763da0759221", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 6.1.21-tuxcare.1 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e280ca70-3ddd-560e-9c32-61952dfec233", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 6.1.21-tuxcare.1 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6ac6d679-fc11-56e1-b183-54d9a4b09d94", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 6.1.21-tuxcare.1 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:22249ede-3e01-5830-b637-a2daeb73143c", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 6.1.21-tuxcare.1 of org.springframework:spring-context-indexer. already_fixed \u2014 The target repository (Spring Framework 6.1.21-tuxcare.6) already contains both upstream patches that address CVE-2026-41840. The fixes were previously applied as part of TuxCare backports for CVE-2026-22740 (commit d8aa04a97f, 2026-06-08) and memory leak fixes (commit e7c90921fd, 2026-04-29). Both doOnDiscard handlers are present in the current code, preventing resource exhaustion from multipa..." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7431f5be-778a-5a5a-a0cc-84e1d21e96e0", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 6.1.21-tuxcare.1 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3b91a469-f649-5f11-a835-73e3a2a6d299", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 6.1.21-tuxcare.1 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4e15f7a9-1763-5709-9922-321e564291d1", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 6.1.21-tuxcare.1 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:42caa4f2-5731-5460-a451-1aceafd03f8b", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 6.1.21-tuxcare.1 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:41e1f105-3316-5f2c-bd37-9c5419799707", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 6.1.21-tuxcare.1 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b2e13c84-f20e-57db-920e-0a74b0749cce", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 6.1.21-tuxcare.1 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7fa74390-cd6b-5c38-a9da-715a79de5f51", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 6.1.21-tuxcare.1 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3ec16589-695e-5aa0-a423-76dd1fea23f0", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 6.1.21-tuxcare.1 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:36e7efb9-d873-579b-88ec-c032243b3944", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 6.1.21-tuxcare.1 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a96b2d1d-b3cb-5150-abdc-be167e04794e", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 6.1.21-tuxcare.1 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ce71bdef-96e8-5739-bbfa-693025683eb5", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 6.1.21-tuxcare.1 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8a2ca892-0de6-59a8-9fee-31e934ce856e", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 6.1.21-tuxcare.1 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@6.1.21-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@6.1.21-tuxcare.1" } ] }