{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:f7ed72bc-7c76-5132-be1f-930abb0283fe", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-context-indexer@6.1.21-tuxcare.4", "type": "library", "group": "org.springframework", "name": "spring-context-indexer", "version": "6.1.21-tuxcare.4", "purl": "pkg:maven/org.springframework/spring-context-indexer@6.1.21-tuxcare.4" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:a10c6870-6f5a-5145-acde-56f08d61d43b", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 6.1.21-tuxcare.4 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@6.1.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a9436209-674a-5474-b7d1-4a4b33a6c719", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 6.1.21-tuxcare.4 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@6.1.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b1b0563d-09b0-5b03-9d43-e06683ff3d5a", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 6.1.21-tuxcare.4 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@6.1.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e0a5f44c-e59d-5227-b7b1-c090eec1a68f", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 6.1.21-tuxcare.4 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@6.1.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e6e5c7d5-2114-5f08-8256-f87e6801d595", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 6.1.21-tuxcare.4 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@6.1.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:0a5cc3a0-b55d-5a6f-9b5f-04c79c5a2b3e", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 6.1.21-tuxcare.4 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@6.1.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:eb872542-9beb-55c0-81ba-ec4e5722f14c", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 6.1.21-tuxcare.4 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@6.1.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:2e4982ce-3edc-5306-b567-983402e9e928", "id": "CVE-2026-22741", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22741 is fixed in version 6.1.21-tuxcare.4 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@6.1.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:6eeade5b-d5a3-5e9f-9cf0-bedf2d98fbee", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 6.1.21-tuxcare.4 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@6.1.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:9d177188-63de-5e53-a164-a7f5540a6126", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 6.1.21-tuxcare.4 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@6.1.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:9e6ece84-d0c7-585c-8b99-ee39d9f03cdc", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 6.1.21-tuxcare.4 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@6.1.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:98bed035-b687-5233-a48d-b37075bbe554", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 6.1.21-tuxcare.4 of org.springframework:spring-context-indexer. already_fixed \u2014 The target repository (Spring Framework 6.1.21-tuxcare.6) already contains both upstream patches that address CVE-2026-41840. The fixes were previously applied as part of TuxCare backports for CVE-2026-22740 (commit d8aa04a97f, 2026-06-08) and memory leak fixes (commit e7c90921fd, 2026-04-29). Both doOnDiscard handlers are present in the current code, preventing resource exhaustion from multipa..." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@6.1.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:71ca049f-0aa0-5030-ae5b-e80bea836c6d", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 6.1.21-tuxcare.4 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@6.1.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:72ee049b-9ab6-5b71-95a0-4bda1ed54883", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 6.1.21-tuxcare.4 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@6.1.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:4e1e4898-f0af-5b21-8107-369e3cf7b21c", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 6.1.21-tuxcare.4 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@6.1.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:669cda69-0010-5d52-9f89-8db0b6b06cbb", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 6.1.21-tuxcare.4 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@6.1.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:79de0e96-d683-514a-bee5-c00e3fa90b51", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 6.1.21-tuxcare.4 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@6.1.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e9bd7cf7-d71b-5968-9caf-929688daf419", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 6.1.21-tuxcare.4 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@6.1.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:0cb348de-7a2d-5a88-8693-ecb311161ea5", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 6.1.21-tuxcare.4 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@6.1.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:bf645c26-d656-5876-8303-13a9c6674dd7", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 6.1.21-tuxcare.4 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@6.1.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:cc20c0f8-280c-59b9-aa92-4363ce4f915b", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 6.1.21-tuxcare.4 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@6.1.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:840f9a3c-fe82-5470-be1c-de1b6e93ab84", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 6.1.21-tuxcare.4 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@6.1.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:3750474e-87f0-59cc-accd-d7b74f439f79", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 6.1.21-tuxcare.4 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@6.1.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:f29e477e-5105-5478-aa8c-49d451cb3db2", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 6.1.21-tuxcare.4 of org.springframework:spring-context-indexer." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@6.1.21-tuxcare.4" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-context-indexer@6.1.21-tuxcare.4" } ] }