{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:8ef0fc89-6ab2-5062-9268-e9316ec60e21", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-context@6.1.20-tuxcare.3", "type": "library", "group": "org.springframework", "name": "spring-context", "version": "6.1.20-tuxcare.3", "purl": "pkg:maven/org.springframework/spring-context@6.1.20-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:b25d97c1-a00b-5b14-a769-d61372b896a2", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 6.1.20-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@6.1.20-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:80902679-567b-5aa5-a2f7-11f110f522c9", "id": "CVE-2025-41234", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41234 is fixed in version 6.1.20-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@6.1.20-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9ceda32b-077e-51a3-8c0c-dceea7260248", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 6.1.20-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@6.1.20-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3db426ec-fea4-57be-8ed8-90185983a80d", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 6.1.20-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@6.1.20-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d9ae4d58-8720-5826-a20c-6d0656852fc4", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 6.1.20-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@6.1.20-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ef41a538-fd73-5d82-ba44-b3cd7ae651bd", "id": "CVE-2026-22735", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22735 is fixed in version 6.1.20-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@6.1.20-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a670e67c-5edd-585e-98de-a06549e0d7d1", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 6.1.20-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@6.1.20-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b55ab318-d76e-5a62-800a-ca1ecd1d99cb", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 6.1.20-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@6.1.20-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:108430e7-9ed1-5006-86f3-6dc693ba8e8e", "id": "CVE-2026-22741", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22741 is fixed in version 6.1.20-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@6.1.20-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4aa4e82a-9c83-51da-b475-b2d83a35d1bd", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 6.1.20-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@6.1.20-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:cb695555-8393-5933-9e22-f09f37c93a88", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 6.1.20-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@6.1.20-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:707f4ec2-68e8-5f9a-a886-e840a7577f66", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 6.1.20-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@6.1.20-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e663be39-e0d9-53d5-8e6c-a50d2cdceede", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 6.1.20-tuxcare.3 of org.springframework:spring-context. already_fixed \u2014 Spring Framework 6.1.20-tuxcare.4 already contains both doOnDiscard handlers that prevent the multipart memory leak vulnerability. The fixes were applied via TuxCare backport commit a6b78f2a1c on May 19, 2026 under CVE-2026-22740, which appears to be the same or closely related vulnerability as CVE-2026-41840." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@6.1.20-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d91ce1db-84e0-591c-b765-874c64e61587", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 6.1.20-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@6.1.20-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d942d37d-f1cc-50fa-a962-64ab4eb710ee", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 6.1.20-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@6.1.20-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:fdc39b78-44f2-5fc5-a1f9-de4304d78a72", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 6.1.20-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@6.1.20-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b236a8c1-7c32-5b5a-add1-867f6f11179e", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 6.1.20-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@6.1.20-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9666fa95-30e9-5672-ad4c-67b0e3efbf82", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 6.1.20-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@6.1.20-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:92bf985b-3cb5-5cdb-8cd2-8f5269c411b9", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 6.1.20-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@6.1.20-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:95575091-09e3-5747-bce3-d078baf59ce9", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 6.1.20-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@6.1.20-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ac91af23-428f-5a9c-8821-7cc387a3cec6", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 6.1.20-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@6.1.20-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:448e4fe1-08d1-574e-984c-66af8c6b1796", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 6.1.20-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@6.1.20-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:94ec1b77-4f47-5ebd-8c01-47194f172105", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 6.1.20-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@6.1.20-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:203b2dd4-ea0b-5d32-8097-657eafa0d930", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 6.1.20-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@6.1.20-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:79a04e50-11fc-5f05-9945-a16646726bac", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 6.1.20-tuxcare.3 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@6.1.20-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-context@6.1.20-tuxcare.3" } ] }