{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:ea301899-44d5-5054-9a4c-51d333854dce", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-context-support@6.1.20-tuxcare.2", "type": "library", "group": "org.springframework", "name": "spring-context-support", "version": "6.1.20-tuxcare.2", "purl": "pkg:maven/org.springframework/spring-context-support@6.1.20-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:1817252f-635e-5fbb-a64d-e880371e076e", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 6.1.20-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.20-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d096886e-c3ad-5fee-88ed-74d9375f32bb", "id": "CVE-2025-41234", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41234 is fixed in version 6.1.20-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.20-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:42a271a0-2047-53a8-85fc-f6dcf2b69c55", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 6.1.20-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.20-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:580d0525-a491-5194-8a6c-b7d6f530d97d", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 6.1.20-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.20-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0e1e1eb0-c740-533b-a4ff-ce01334db2dc", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 6.1.20-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.20-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2585396d-902e-5038-9718-0bc312ad279f", "id": "CVE-2026-22735", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22735 is fixed in version 6.1.20-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.20-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b5bba277-bdfd-5ecb-afee-2c2a691ac391", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 6.1.20-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.20-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:72235491-698e-5b00-9f78-3db1b1bb2a2a", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 6.1.20-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.20-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f8126179-258f-5752-a023-adb097a6240d", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 6.1.20-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.20-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1e10334f-8481-51c8-8442-5f2facdd459c", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 6.1.20-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.20-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6b449fe0-0959-5715-afda-ab1e58bd85fa", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 6.1.20-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.20-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c01115e9-0b79-5adf-911e-1bcbdddfa6f2", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 6.1.20-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.20-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7f84fff2-dc9a-58e9-a5b8-02ab6c74d59f", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 6.1.20-tuxcare.2 of org.springframework:spring-context-support. already_fixed \u2014 Spring Framework 6.1.20-tuxcare.4 already contains both doOnDiscard handlers that prevent the multipart memory leak vulnerability. The fixes were applied via TuxCare backport commit a6b78f2a1c on May 19, 2026 under CVE-2026-22740, which appears to be the same or closely related vulnerability as CVE-2026-41840." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.20-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:bfdfb933-b9ed-5344-8149-cc7f09ee799b", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 6.1.20-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.20-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0bbd3b51-3cc4-58a0-af03-59e60399c28c", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 6.1.20-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.20-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c06b97d7-2415-5cb8-8718-016a06c79645", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 6.1.20-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.20-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:12b9c70e-c092-5c86-a5b6-b971759a0f3e", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 6.1.20-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.20-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:eafa7747-929f-5ced-adb9-c310ea83048f", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 6.1.20-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.20-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ded73872-39ac-5d93-8679-c7c3ac366623", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 6.1.20-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.20-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:497d598a-b129-52cb-b498-b21bfef6e224", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 6.1.20-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.20-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4fe804cf-868a-515c-90e8-9204da431307", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 6.1.20-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.20-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:21296857-d80e-50a3-ac22-4537fb4672bc", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 6.1.20-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.20-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:932a6b39-2fbe-5a6a-8dda-796ee1296011", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 6.1.20-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.20-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1feb2b70-d46b-5dd3-a2c5-596691f9f519", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 6.1.20-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.20-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:659da465-dbf0-51f7-a445-e70a2112242c", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 6.1.20-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.20-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.20-tuxcare.2" } ] }