{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:c23e50cc-8fa3-51cf-bcbc-7ebf9547d244", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-context@6.1.21-tuxcare.1", "type": "library", "group": "org.springframework", "name": "spring-context", "version": "6.1.21-tuxcare.1", "purl": "pkg:maven/org.springframework/spring-context@6.1.21-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:deedac40-b3a1-5802-af7b-ac14880d2f54", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 6.1.21-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f3aaeefe-d338-559a-b0dc-41c0d50c4828", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 6.1.21-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:df465499-4841-5390-8dd5-5285e1111c10", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 6.1.21-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:744c0937-69f7-5ab9-afcb-1a5d4563b08b", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 6.1.21-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3e756517-1a7c-5371-b3b7-8d08daa2fe00", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 6.1.21-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c26e9f1d-6b4c-5e06-b373-a0fce59d302c", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 6.1.21-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5ad18bef-976f-52cd-ae61-9131d73ca9a9", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 6.1.21-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:880ef136-0f6f-5edf-a2e1-6aa9fa9d5d67", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 6.1.21-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4ff7656f-f346-52c0-a601-f208032e201c", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 6.1.21-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a4be6fa5-9fff-5416-80b3-c356939f6b94", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 6.1.21-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4f6bd703-b703-534b-87d1-524c1a729214", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 6.1.21-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1e42fd5d-d8cc-5778-be80-8832518d81da", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 6.1.21-tuxcare.1 of org.springframework:spring-context. already_fixed \u2014 The target repository (Spring Framework 6.1.21-tuxcare.6) already contains both upstream patches that address CVE-2026-41840. The fixes were previously applied as part of TuxCare backports for CVE-2026-22740 (commit d8aa04a97f, 2026-06-08) and memory leak fixes (commit e7c90921fd, 2026-04-29). Both doOnDiscard handlers are present in the current code, preventing resource exhaustion from multipa..." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b0d38f24-1be2-577d-ae64-18c6c80653b2", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 6.1.21-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f0242cfc-edef-5af2-bbd4-85d7077d8ed5", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 6.1.21-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2a875160-4c2c-5382-9026-f131141a83fc", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 6.1.21-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:af0dba4f-2186-505a-bc0b-7138b222c63c", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 6.1.21-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:96efcbd6-51cf-5e71-82f1-b64bf7239fa4", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 6.1.21-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:421081de-77dc-531a-803d-e5de456bde27", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 6.1.21-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7a222a69-404c-58b9-a0c2-e6c8e2f07028", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 6.1.21-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b3b0a19e-e06c-59cd-a10e-a340f4a16abc", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 6.1.21-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1d3bcf36-99c6-5603-9f4f-16d584d851db", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 6.1.21-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c21db62a-9933-5b2c-ac29-8fd09708714f", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 6.1.21-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9a2b7737-0a61-59a7-b6b9-94cf44e8ed07", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 6.1.21-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c62a2a33-94a2-52ef-bba2-fe06e7015ea6", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 6.1.21-tuxcare.1 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@6.1.21-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-context@6.1.21-tuxcare.1" } ] }