{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:38f16f94-8f69-5eb8-8559-aa230a889fb3", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-framework-bom@6.1.20-tuxcare.1", "type": "library", "group": "org.springframework", "name": "spring-framework-bom", "version": "6.1.20-tuxcare.1", "purl": "pkg:maven/org.springframework/spring-framework-bom@6.1.20-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:ea0c229e-48d2-58fb-9e82-2551b0828092", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 6.1.20-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@6.1.20-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:72e1a3f6-2211-5f7e-b79c-419e48512996", "id": "CVE-2025-41234", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41234 is fixed in version 6.1.20-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@6.1.20-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1c63f353-e245-50cd-8ea1-3cd704a46a1f", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 6.1.20-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@6.1.20-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9d398f10-3496-56d5-8ace-f33767a2f273", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 6.1.20-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@6.1.20-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:947ccca6-7dcc-5cef-865b-153485a2c627", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 6.1.20-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@6.1.20-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fa9ad7c8-4537-5980-ad8d-a1ee2a9c87f9", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 6.1.20-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@6.1.20-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:51ff35bb-ea5f-58af-b7ba-c0a1e05cdce3", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 6.1.20-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@6.1.20-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:03260d38-e992-5a54-adeb-09b4bccfc047", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 6.1.20-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@6.1.20-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:bcfadbe7-dde9-5612-a91a-d33139617e61", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 6.1.20-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@6.1.20-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4991178d-4215-5d01-b170-8e4ba2d03549", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 6.1.20-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@6.1.20-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2b51bc30-c8ec-57fa-80d9-5ae60b728101", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 6.1.20-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@6.1.20-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0219d61f-7c60-5ab4-8088-30d9011e66cd", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 6.1.20-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@6.1.20-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a98f46c9-0194-5c89-900b-dcba689456f9", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 6.1.20-tuxcare.1 of org.springframework:spring-framework-bom. already_fixed \u2014 Spring Framework 6.1.20-tuxcare.4 already contains both doOnDiscard handlers that prevent the multipart memory leak vulnerability. The fixes were applied via TuxCare backport commit a6b78f2a1c on May 19, 2026 under CVE-2026-22740, which appears to be the same or closely related vulnerability as CVE-2026-41840." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@6.1.20-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f4611158-9fef-5ec3-86be-f318ce62adb2", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 6.1.20-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@6.1.20-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0d396174-ff28-5ab0-898b-378e8317fc8f", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 6.1.20-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@6.1.20-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:37f2ba90-d15f-5222-8061-a07f707dc375", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 6.1.20-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@6.1.20-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5d158d8b-1fe1-5389-a1e9-e4d9867f421e", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 6.1.20-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@6.1.20-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e7f2c086-b45d-5a09-8b7d-e82b33f95117", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 6.1.20-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@6.1.20-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:65016e7b-4d56-58c0-9b36-78baf2f38aab", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 6.1.20-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@6.1.20-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:134f38e6-9c4d-5764-97a1-78daa7362062", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 6.1.20-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@6.1.20-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5ddecce1-fb55-5637-83f8-fd378657dc4c", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 6.1.20-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@6.1.20-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:df9be3ff-f3ef-5a44-af77-b2b44d1a227e", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 6.1.20-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@6.1.20-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a7b4f774-778f-57fe-860c-58789c3f9c33", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 6.1.20-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@6.1.20-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b79db284-9de6-5cf0-9628-9ae24524ae92", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 6.1.20-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@6.1.20-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:111135bb-68f8-550a-b938-ad0b9aca3859", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 6.1.20-tuxcare.1 of org.springframework:spring-framework-bom." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@6.1.20-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-framework-bom@6.1.20-tuxcare.1" } ] }