{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:97c55a26-8526-568c-b723-10e64b35b180", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-context@6.1.20-tuxcare.4", "type": "library", "group": "org.springframework", "name": "spring-context", "version": "6.1.20-tuxcare.4", "purl": "pkg:maven/org.springframework/spring-context@6.1.20-tuxcare.4" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:f38214c3-4357-5607-8479-b3ab2a97fb31", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 6.1.20-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@6.1.20-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:5b6a9e2f-2528-5237-a27a-1e421542d046", "id": "CVE-2025-41234", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41234 is fixed in version 6.1.20-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@6.1.20-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a700bb19-c8f5-5b3a-a72b-1732756bf96a", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 6.1.20-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@6.1.20-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:0536b92c-e065-50b1-97d8-1f9da48118fd", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 6.1.20-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@6.1.20-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:93e55275-19e0-585d-bce4-fe55d0965ce0", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 6.1.20-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@6.1.20-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:9e079143-25a9-5201-9150-f1130cdcae1d", "id": "CVE-2026-22735", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22735 is fixed in version 6.1.20-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@6.1.20-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:39e8320d-90ad-5cc6-85ab-afa0ad843136", "id": "CVE-2026-22737", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22737 is fixed in version 6.1.20-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@6.1.20-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:1103f4ae-b1a6-5601-a3b9-e0bd3864991e", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 6.1.20-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@6.1.20-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:f8fdb4ff-a0c9-5e61-80b0-582ddaeb5d2c", "id": "CVE-2026-22741", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22741 is fixed in version 6.1.20-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@6.1.20-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:9a8e8fc5-a7d6-5bd1-8469-2158cbb365aa", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 6.1.20-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@6.1.20-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e4fd0140-2c55-5fa3-8ffd-21c6b389adbe", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 6.1.20-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@6.1.20-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ab2f5508-2492-5de3-87b9-ae5ec720e256", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 6.1.20-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@6.1.20-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:46aeb06e-9248-5aad-ab61-a55adc8b5199", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 6.1.20-tuxcare.4 of org.springframework:spring-context. already_fixed \u2014 Spring Framework 6.1.20-tuxcare.4 already contains both doOnDiscard handlers that prevent the multipart memory leak vulnerability. The fixes were applied via TuxCare backport commit a6b78f2a1c on May 19, 2026 under CVE-2026-22740, which appears to be the same or closely related vulnerability as CVE-2026-41840." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@6.1.20-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:1442c3ae-06e7-5543-be36-3e965e6a9fdf", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 6.1.20-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@6.1.20-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:6bfc5fd7-6790-5d37-92f0-1ebc738bea53", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 6.1.20-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@6.1.20-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:895d391f-6120-58df-935d-f74c9fc9f3cf", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 6.1.20-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@6.1.20-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:4e1340ff-8836-5f0b-a213-8cf0e3dd1701", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 6.1.20-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@6.1.20-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:79cbf754-e551-552d-84ec-4d39bb13eb59", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 6.1.20-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@6.1.20-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:803b12a3-3c60-5ba0-aba7-87bf3cb8ae1f", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 6.1.20-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@6.1.20-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:6a9ede54-e629-50b0-ac5a-218ae5c3b85b", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 6.1.20-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@6.1.20-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e8b57dc3-ab7b-5f9e-bac0-9c10c750c9a6", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 6.1.20-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@6.1.20-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:5a368fca-dff0-5e36-b6c4-cd15044a00b2", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 6.1.20-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@6.1.20-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e185f563-8c42-5c79-984a-a18d2d20fbe8", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 6.1.20-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@6.1.20-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:dab22e35-d1ba-546e-a061-819cb9274120", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 6.1.20-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@6.1.20-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d768035f-2668-5203-8958-3399f315545e", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 6.1.20-tuxcare.4 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@6.1.20-tuxcare.4" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-context@6.1.20-tuxcare.4" } ] }