{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:f40a6160-c355-5ad0-a421-bfeb2b635338", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-context@6.1.21-tuxcare.2", "type": "library", "group": "org.springframework", "name": "spring-context", "version": "6.1.21-tuxcare.2", "purl": "pkg:maven/org.springframework/spring-context@6.1.21-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:e4bdf062-7bb0-55dd-857e-dbdaece29c99", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 6.1.21-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:861443b4-624f-5663-8d2c-c295c2aa9969", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 6.1.21-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e610edd5-8365-5665-96d0-0f6fd30c4b58", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 6.1.21-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:27c94a2c-a572-5a11-b8aa-085090a987ea", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 6.1.21-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e964ee09-73c3-58ce-837a-da8900198a28", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 6.1.21-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9989c4ac-9ead-5664-b83c-888c66da9852", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 6.1.21-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ddb56d7e-aa66-5ef3-81a9-9aac20886266", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 6.1.21-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0b90d13d-7c05-5ad3-be47-b28f58fa973d", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 6.1.21-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:effed059-4958-5d88-9fd8-cab419bc7d1b", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 6.1.21-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8b88c761-b0c9-52e6-a4e5-561deb2d271f", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 6.1.21-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:15aa9a70-aaa9-5389-af2a-3c291ab279f5", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 6.1.21-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:02c9f346-a961-5ac2-b0a8-7a769184c28a", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 6.1.21-tuxcare.2 of org.springframework:spring-context. already_fixed \u2014 The target repository (Spring Framework 6.1.21-tuxcare.6) already contains both upstream patches that address CVE-2026-41840. The fixes were previously applied as part of TuxCare backports for CVE-2026-22740 (commit d8aa04a97f, 2026-06-08) and memory leak fixes (commit e7c90921fd, 2026-04-29). Both doOnDiscard handlers are present in the current code, preventing resource exhaustion from multipa..." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:98e84260-f850-532c-847c-d739068ae78e", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 6.1.21-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9508d217-684c-5aa1-a6e3-be6533a463c3", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 6.1.21-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5be4ef38-6a4a-5d7a-926f-ed21c80cbdf0", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 6.1.21-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a56dd308-44a5-5669-adc8-f3c0c3e939be", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 6.1.21-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:bb99a67e-e97c-5b8b-b276-df6872b378b7", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 6.1.21-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fac1e319-54af-59c0-bdbb-e642d2710949", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 6.1.21-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d242064d-060c-5a53-a195-bc3ff89d51a5", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 6.1.21-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8e7453a0-4f85-5cae-98cb-29ac214a11d8", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 6.1.21-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e13ca113-e705-5213-bc3e-cdf1d12906ed", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 6.1.21-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:10225394-a7f0-525f-996c-1101cb03522c", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 6.1.21-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:279462f6-fe39-57c5-92c0-f4c906423664", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 6.1.21-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:41b48028-0cb1-569f-a271-9d40d7982278", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 6.1.21-tuxcare.2 of org.springframework:spring-context." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-context@6.1.21-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-context@6.1.21-tuxcare.2" } ] }