{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:b41b4d38-88be-5afb-a10e-730925cbf690", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-context-support@6.1.21-tuxcare.4", "type": "library", "group": "org.springframework", "name": "spring-context-support", "version": "6.1.21-tuxcare.4", "purl": "pkg:maven/org.springframework/spring-context-support@6.1.21-tuxcare.4" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:38ff7792-4c2d-5a18-89d9-d97cb921e354", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 6.1.21-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b8aa4d9d-6462-54d9-a6df-6d058c65fdfb", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 6.1.21-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b3513895-3a27-5d9b-bea3-41208e746ae2", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 6.1.21-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:f3a538a8-54d5-566e-96fb-502158edcfc5", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 6.1.21-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:7a49294b-39b7-5fcc-b59d-f35f7e4f224e", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 6.1.21-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d56d51ce-8bef-566d-b85a-02b28c824db6", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 6.1.21-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:bcc77d29-6e06-5051-b3fc-1026a32cea45", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 6.1.21-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:be6c2629-0ac4-5ef5-812d-34f092a02aca", "id": "CVE-2026-22741", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22741 is fixed in version 6.1.21-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d118e678-ceb3-53df-81a5-555dc7a172ba", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 6.1.21-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:4edddafb-57af-5181-a031-5b8eb2963766", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 6.1.21-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:2d05ddbd-63c6-5846-b0c5-284e2ee350d4", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 6.1.21-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:5880317c-7749-5fb3-8475-6077d4631e27", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 6.1.21-tuxcare.4 of org.springframework:spring-context-support. already_fixed \u2014 The target repository (Spring Framework 6.1.21-tuxcare.6) already contains both upstream patches that address CVE-2026-41840. The fixes were previously applied as part of TuxCare backports for CVE-2026-22740 (commit d8aa04a97f, 2026-06-08) and memory leak fixes (commit e7c90921fd, 2026-04-29). Both doOnDiscard handlers are present in the current code, preventing resource exhaustion from multipa..." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:96d57df0-4982-51fc-b3d9-bc80af467123", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 6.1.21-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ce36258d-47e4-5716-b834-562233dbbbd1", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 6.1.21-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:10cd2c3d-f2d1-58e6-88e0-3d8c3071c14a", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 6.1.21-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e8b8ab60-ba58-560b-b718-77c42026034b", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 6.1.21-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d7acc859-739e-576c-a370-a94aa4580626", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 6.1.21-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:2b75429e-7aca-57f7-ae50-4ba34d55775f", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 6.1.21-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:f668e214-ce23-552e-91dc-c30879b6b6da", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 6.1.21-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:56d2b680-7f59-5d27-8114-480bb036fcbc", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 6.1.21-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:30775356-2fc5-5976-8458-ea7ae81eedb8", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 6.1.21-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:3cfc8f6b-3199-560b-9a38-3b7f5e3c4fb6", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 6.1.21-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:6b0dbf33-b0ae-5919-aed0-1b06ec3d6db1", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 6.1.21-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:0233b8ab-7c1f-5301-90c6-92f86c379f0e", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 6.1.21-tuxcare.4 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.21-tuxcare.4" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.21-tuxcare.4" } ] }