{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:97536c25-2cf2-5d25-aeb4-bf165f9f489e", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-context-support@6.1.21-tuxcare.2", "type": "library", "group": "org.springframework", "name": "spring-context-support", "version": "6.1.21-tuxcare.2", "purl": "pkg:maven/org.springframework/spring-context-support@6.1.21-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:087fafe6-39b3-5fed-9d8a-8a2449288ae6", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 6.1.21-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:39b97a24-ca66-50e8-8452-76b35776b2a7", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 6.1.21-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:36438d75-8b43-50f8-8cb0-93490feb11d7", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 6.1.21-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0eb7cf51-7d32-539b-b9b5-45f7d512fc95", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 6.1.21-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:140edc3b-904b-5627-a96d-04fcf95675ed", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 6.1.21-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3916ad9d-9d83-5a57-9dc3-d41176ff063f", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 6.1.21-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:bdd7bb99-cc03-5cc2-8036-93afa41e9f97", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 6.1.21-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3fca9fac-ad13-54fe-8e4b-002260327ff4", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 6.1.21-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:04178ff0-3466-56b8-97ec-2aab39be312b", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 6.1.21-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5f0ae84a-7350-5439-b6c5-fc8fc8c248ad", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 6.1.21-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b53343a7-2f8a-571f-90a0-af022073bd8f", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 6.1.21-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:289e41d8-7aa4-5867-a0fa-5bd54b34f906", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 6.1.21-tuxcare.2 of org.springframework:spring-context-support. already_fixed \u2014 The target repository (Spring Framework 6.1.21-tuxcare.6) already contains both upstream patches that address CVE-2026-41840. The fixes were previously applied as part of TuxCare backports for CVE-2026-22740 (commit d8aa04a97f, 2026-06-08) and memory leak fixes (commit e7c90921fd, 2026-04-29). Both doOnDiscard handlers are present in the current code, preventing resource exhaustion from multipa..." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d3dff4d2-b173-5314-9258-b63d566e4177", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 6.1.21-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d7d330e0-553a-5f37-b547-bf9a7e916284", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 6.1.21-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:887842a1-b585-5f60-b6ad-a71333f73d08", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 6.1.21-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:867c7263-1bc9-58aa-934e-833794656d7b", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 6.1.21-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9780e860-6c1c-556c-8f03-406f76b9ad6a", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 6.1.21-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c98213ce-43e9-532b-a25d-87ae77650e7d", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 6.1.21-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c56ae378-bfe7-5280-9a44-e709acd16788", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 6.1.21-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:20337106-a46c-5ec1-9b22-c0bb29de58d1", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 6.1.21-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b661f0bb-2707-54b5-a78b-93123da84439", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 6.1.21-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fcd5ce6d-347f-5a81-9dfa-69ec4b354b5c", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 6.1.21-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:852d2359-4402-5e72-9491-6f7deed13f16", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 6.1.21-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0a6b7f88-dfa6-5b6e-89d5-ffd1b4dc38ad", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 6.1.21-tuxcare.2 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.21-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.21-tuxcare.2" } ] }