{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:7f9668a4-c86c-59e4-8ea7-761b5f82cf82", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-context-support@6.1.20-tuxcare.1", "type": "library", "group": "org.springframework", "name": "spring-context-support", "version": "6.1.20-tuxcare.1", "purl": "pkg:maven/org.springframework/spring-context-support@6.1.20-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:522c219d-f92e-52e7-bbd6-3683d3a96c55", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 6.1.20-tuxcare.1 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.20-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fb41eff3-8ddd-5c0e-bff9-dd74728b5389", "id": "CVE-2025-41234", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41234 is fixed in version 6.1.20-tuxcare.1 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.20-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ad5d0202-cf0e-5d64-9395-dea57b51f12e", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 6.1.20-tuxcare.1 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.20-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:81733930-413f-5ef8-a075-2c639016ea42", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 6.1.20-tuxcare.1 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.20-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2fac247c-9fb9-5f12-828a-a3d9a04fa3b9", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 6.1.20-tuxcare.1 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.20-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6cf97169-cbc7-5b14-985b-5812abe6275f", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 6.1.20-tuxcare.1 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.20-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a0cd27b1-75dc-5420-bbf2-8174ae1a1635", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 6.1.20-tuxcare.1 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.20-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e6964720-c9f1-50d7-ba33-091ccb3a581a", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 6.1.20-tuxcare.1 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.20-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d80b7d97-d4b1-5f91-9b96-0c73d0263c01", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 6.1.20-tuxcare.1 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.20-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9d372d2c-7a85-59e8-b9d2-035586498876", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 6.1.20-tuxcare.1 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.20-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:cb390215-86be-5b4e-bd29-525187577cd6", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 6.1.20-tuxcare.1 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.20-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4ae1b3c3-b5d0-5e84-a4a7-74a535bbf108", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 6.1.20-tuxcare.1 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.20-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4e611f72-3d2f-529f-a64b-4d02661fee50", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 6.1.20-tuxcare.1 of org.springframework:spring-context-support. already_fixed \u2014 Spring Framework 6.1.20-tuxcare.4 already contains both doOnDiscard handlers that prevent the multipart memory leak vulnerability. The fixes were applied via TuxCare backport commit a6b78f2a1c on May 19, 2026 under CVE-2026-22740, which appears to be the same or closely related vulnerability as CVE-2026-41840." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.20-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fdcf1153-8fe5-5f95-8a32-ebc957f2d104", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 6.1.20-tuxcare.1 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.20-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:786eb6c0-82e7-5720-8092-22e1d86c6f71", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 6.1.20-tuxcare.1 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.20-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:36aeaa0c-45ac-5e29-be1c-508762c21cc1", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 6.1.20-tuxcare.1 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.20-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:42d57205-77d7-55ab-abf6-776780f2ddbe", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 6.1.20-tuxcare.1 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.20-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:43c5c7ab-83ea-5c88-b371-1a4fdc81e557", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 6.1.20-tuxcare.1 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.20-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:238b610a-16f2-59f7-b7a0-2724eac973d5", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 6.1.20-tuxcare.1 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.20-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:cf5119f6-801b-5b00-9cf4-89d2a874af02", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 6.1.20-tuxcare.1 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.20-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6c54eeb1-80f4-57e2-a7fc-ca9de5762cfd", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 6.1.20-tuxcare.1 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.20-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:949d78d8-69a0-519a-89fa-f48d012d84dc", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 6.1.20-tuxcare.1 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.20-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ab5a5cbd-eb6b-5cd2-89fb-d6c2f583acf9", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 6.1.20-tuxcare.1 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.20-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d089940c-6ff3-5617-82d4-aee42f09c490", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 6.1.20-tuxcare.1 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.20-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b67895a3-57d0-5b64-a946-0d877e924376", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 6.1.20-tuxcare.1 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.20-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.20-tuxcare.1" } ] }