{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:4279c695-d8b4-5b1a-ab7f-b12943c64865", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-context-support@6.1.20-tuxcare.3", "type": "library", "group": "org.springframework", "name": "spring-context-support", "version": "6.1.20-tuxcare.3", "purl": "pkg:maven/org.springframework/spring-context-support@6.1.20-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:76f90c83-44bb-5a89-9430-b63ed8fcec74", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 6.1.20-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.20-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:de4b7117-3631-5a73-91ee-a7391aa65a70", "id": "CVE-2025-41234", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41234 is fixed in version 6.1.20-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.20-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b1381344-d69f-58c8-9c9a-8ce7d5f9189a", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 6.1.20-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.20-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2a7bbf4f-1128-5068-b5ea-a0bbb7f4f549", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 6.1.20-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.20-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6cb31a6b-28c3-5b16-8ecb-7fd28e894746", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 6.1.20-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.20-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:cfb6ce62-f027-5eb7-a783-7c968630e6a7", "id": "CVE-2026-22735", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22735 is fixed in version 6.1.20-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.20-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2278b828-ce1c-5a9c-b028-f77ac0b91e07", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 6.1.20-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.20-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:dabe3483-50c4-53b7-a9a7-d6947b738016", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 6.1.20-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.20-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:095d7d3e-4486-52b8-96cd-57518f263087", "id": "CVE-2026-22741", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22741 is fixed in version 6.1.20-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.20-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:40559252-bae7-5d00-8971-27b5c4a9f06b", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 6.1.20-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.20-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d83a027a-1882-5339-9ccf-5ba5cc205672", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 6.1.20-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.20-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a8211d8a-772d-5009-91e4-4ce584c06fac", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 6.1.20-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.20-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2c82e2b1-8908-5c6c-ae25-aee4c39cf6f2", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 6.1.20-tuxcare.3 of org.springframework:spring-context-support. already_fixed \u2014 Spring Framework 6.1.20-tuxcare.4 already contains both doOnDiscard handlers that prevent the multipart memory leak vulnerability. The fixes were applied via TuxCare backport commit a6b78f2a1c on May 19, 2026 under CVE-2026-22740, which appears to be the same or closely related vulnerability as CVE-2026-41840." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.20-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d2f2608a-5ac8-5a3a-a704-ef414a1bd71f", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 6.1.20-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.20-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e5657300-99b8-5702-b376-365ad7b9232b", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 6.1.20-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.20-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b27a6c30-eaeb-5817-8be4-cf1075bf33a9", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 6.1.20-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.20-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d350ea76-4fe5-565f-9d96-886e5caff625", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 6.1.20-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.20-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2ae30f28-64aa-52ed-8835-7fa7b2c2c57c", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 6.1.20-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.20-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2bfc1be6-1ce3-58ed-ab70-1779385e53f8", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 6.1.20-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.20-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2cfb20b3-bbbc-51da-8c9c-54b8c377f464", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 6.1.20-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.20-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a7c6b4d1-3c1f-53b4-b424-3f3d05c7a609", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 6.1.20-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.20-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c22eaef1-0d0f-53c7-ae1b-5883c9b24c3a", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 6.1.20-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.20-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:cc11450e-37f8-5e86-9f6a-5b54a36c00b4", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 6.1.20-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.20-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e7703b9b-62f6-5291-a299-5a6e3d3036e4", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 6.1.20-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.20-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:fc9bd9d1-4b0b-5e89-9fda-d5bd963861b5", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 6.1.20-tuxcare.3 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.20-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.20-tuxcare.3" } ] }