{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:c2b9b003-7c22-5ba4-a0ad-315dc8a54f73", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-context-support@6.1.20-tuxcare.4", "type": "library", "group": "org.springframework", "name": "spring-context-support", "version": "6.1.20-tuxcare.4", "purl": "pkg:maven/org.springframework/spring-context-support@6.1.20-tuxcare.4" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:89c94515-b784-5b5b-8cbd-3ea99a106784", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 6.1.20-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.20-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:badf28aa-1d00-535e-bda2-ab60b744eb6c", "id": "CVE-2025-41234", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41234 is fixed in version 6.1.20-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.20-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:7c46077d-67fb-5022-991d-d9eaf42b9155", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 6.1.20-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.20-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:000d401a-676b-5daf-a132-c98920bcda33", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 6.1.20-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.20-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:2be2e164-6331-5c68-8121-fc258faab5da", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 6.1.20-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.20-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:067cde18-7c7d-58d7-8488-30a541eae245", "id": "CVE-2026-22735", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22735 is fixed in version 6.1.20-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.20-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:39504c3e-1ac4-53c6-a908-edf91bb04c46", "id": "CVE-2026-22737", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22737 is fixed in version 6.1.20-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.20-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:fbacdc17-bcc4-5a76-870b-be77c3c9a466", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 6.1.20-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.20-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:4a667302-e5ee-5c0d-8f9e-b1f81b14d14d", "id": "CVE-2026-22741", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22741 is fixed in version 6.1.20-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.20-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:f051a3ae-8964-5f5a-a66c-456d412f3869", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 6.1.20-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.20-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a3e36834-3854-5e39-b29c-911fa52d6827", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 6.1.20-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.20-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:951ae4f8-9f1d-5114-bce4-8ae9731b7dcb", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 6.1.20-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.20-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a6645fb1-95b7-5229-ad33-8b1abf391552", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 6.1.20-tuxcare.4 of org.springframework:spring-context-support. already_fixed \u2014 Spring Framework 6.1.20-tuxcare.4 already contains both doOnDiscard handlers that prevent the multipart memory leak vulnerability. The fixes were applied via TuxCare backport commit a6b78f2a1c on May 19, 2026 under CVE-2026-22740, which appears to be the same or closely related vulnerability as CVE-2026-41840." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.20-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:887d99da-23fe-54db-8bb1-0b103e518fd3", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 6.1.20-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.20-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d1ede2a3-b23c-5bcc-9fb3-aa8a59fbdd98", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 6.1.20-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.20-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:03070a60-c1ad-58eb-a3b2-72aaf3c91b74", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 6.1.20-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.20-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b587533c-fd48-5100-aaae-681b266f5c5e", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 6.1.20-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.20-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:fd116288-3b27-5133-82b0-c0b7e05b0e19", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 6.1.20-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.20-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:21ab1790-6459-5688-b7d0-c52095d47320", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 6.1.20-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.20-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:5e452cc3-0544-5da4-b15f-6bece69aaa3c", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 6.1.20-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.20-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:0a90f402-8399-5ab2-88db-11318ce2f418", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 6.1.20-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.20-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b30fe3eb-0d96-5da0-8291-d3bb48f9f0df", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 6.1.20-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.20-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:813d9b03-f49e-5d92-b8c7-dc67ad379c0e", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 6.1.20-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.20-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e072a344-9928-50a9-bcf9-1b3c75e9f82b", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 6.1.20-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.20-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:76c6068b-5ae7-59cb-90f4-bcbe6f9c3204", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 6.1.20-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.20-tuxcare.4" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.20-tuxcare.4" } ] }