{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:03b2c6ce-7870-5174-beff-043778a9aabd", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-context-support@6.1.21-tuxcare.6", "type": "library", "group": "org.springframework", "name": "spring-context-support", "version": "6.1.21-tuxcare.6", "purl": "pkg:maven/org.springframework/spring-context-support@6.1.21-tuxcare.6" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:b5d19d00-8124-5dc6-88ad-b41ecc41dee9", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 6.1.21-tuxcare.6 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.21-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:bd6dd0c5-6e2b-55b9-bec2-e6f30c41660f", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 6.1.21-tuxcare.6 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.21-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:98a58b19-b61a-51f1-b1be-b34561c724a2", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 6.1.21-tuxcare.6 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.21-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:ac0cebf9-e62c-56cf-a4e5-68f222d67d24", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 6.1.21-tuxcare.6 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.21-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:319309ea-325f-5743-89fa-555341d789e0", "id": "CVE-2026-22735", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22735 is fixed in version 6.1.21-tuxcare.6 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.21-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:5a6625e1-9d22-5a27-9c37-066e8e0b60ea", "id": "CVE-2026-22737", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22737 is fixed in version 6.1.21-tuxcare.6 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.21-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:4a627cc9-3219-5a5c-858b-f84c0e9850de", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 6.1.21-tuxcare.6 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.21-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:3d5b4bb7-6c30-51a1-ba68-386ccd099757", "id": "CVE-2026-22741", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22741 is fixed in version 6.1.21-tuxcare.6 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.21-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:582554b5-d4a8-5ee9-b1f3-e0e755039f6f", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 6.1.21-tuxcare.6 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.21-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:e06d29d1-c608-5556-86d9-ff5caca68f8c", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 6.1.21-tuxcare.6 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.21-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:86ff8d9c-bc23-57df-bb91-43702ce4ad5d", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 6.1.21-tuxcare.6 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.21-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:243bdefa-729d-5e85-bc06-008a637eebef", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 6.1.21-tuxcare.6 of org.springframework:spring-context-support. already_fixed \u2014 The target repository (Spring Framework 6.1.21-tuxcare.6) already contains both upstream patches that address CVE-2026-41840. The fixes were previously applied as part of TuxCare backports for CVE-2026-22740 (commit d8aa04a97f, 2026-06-08) and memory leak fixes (commit e7c90921fd, 2026-04-29). Both doOnDiscard handlers are present in the current code, preventing resource exhaustion from multipa..." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.21-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:399fcf27-bf77-5aac-92f0-71df51689df6", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 6.1.21-tuxcare.6 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.21-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:59dba825-9f13-5697-b194-efaae6896cb0", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 6.1.21-tuxcare.6 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.21-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:a639a249-a9b4-5ab3-9872-e22ce5396004", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 6.1.21-tuxcare.6 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.21-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:2998c658-acae-5cf9-bac7-b27476992b94", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 6.1.21-tuxcare.6 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.21-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:3910f3e1-f027-5be7-9475-880649b5cd04", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 6.1.21-tuxcare.6 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.21-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:f2165715-ef32-598e-bd97-7ad9379204cf", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 6.1.21-tuxcare.6 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.21-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:9702cec4-5d8a-5cd8-88a6-786c2c8c55a6", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 6.1.21-tuxcare.6 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.21-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:49c60cd5-dfb8-5252-ad02-cf3a5f9291a9", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 6.1.21-tuxcare.6 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.21-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:7d9e834d-a51f-57f2-9855-8a1db7793623", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 6.1.21-tuxcare.6 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.21-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:ff44e503-2826-5564-b752-657f2a48735c", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 6.1.21-tuxcare.6 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.21-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:f127eb99-a554-5427-8681-ddb42cc7f12c", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 6.1.21-tuxcare.6 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.21-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:6bc9dc80-b6a8-5de8-bd2c-13bbd838e5b6", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 6.1.21-tuxcare.6 of org.springframework:spring-context-support." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.21-tuxcare.6" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-context-support@6.1.21-tuxcare.6" } ] }