{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:d9fe817e-8c7d-566c-a74d-315e5a9bd064", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-instrument@6.1.21-tuxcare.1", "type": "library", "group": "org.springframework", "name": "spring-instrument", "version": "6.1.21-tuxcare.1", "purl": "pkg:maven/org.springframework/spring-instrument@6.1.21-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:c44f9315-32a8-5a40-80dc-3ea239c59b70", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 6.1.21-tuxcare.1 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1225a77d-b96a-5963-85c1-c35aae3d7277", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 6.1.21-tuxcare.1 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4f6a0512-1726-5352-8106-23909bf2beb2", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 6.1.21-tuxcare.1 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c9096562-2bad-546e-9efc-c36b9ce21af9", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 6.1.21-tuxcare.1 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:bb5d4628-b456-596a-924d-66d17e37e271", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 6.1.21-tuxcare.1 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ed6d4af4-e70a-585c-93d0-bb3c03b564a1", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 6.1.21-tuxcare.1 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6edb7a15-86ae-5113-bc34-0a510b98169f", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 6.1.21-tuxcare.1 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5c74f3aa-1ecd-5206-92a0-2ebe699b5ce3", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 6.1.21-tuxcare.1 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:20d10312-b9ab-5c3e-aa47-c802d8daa65b", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 6.1.21-tuxcare.1 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:98e1c3a2-af15-5820-a7c2-6c7825a89f4c", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 6.1.21-tuxcare.1 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a75511dc-e734-54ae-a085-c61fe058d108", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 6.1.21-tuxcare.1 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:de073e88-761c-5bbb-bf49-19d58985395c", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 6.1.21-tuxcare.1 of org.springframework:spring-instrument. already_fixed \u2014 The target repository (Spring Framework 6.1.21-tuxcare.6) already contains both upstream patches that address CVE-2026-41840. The fixes were previously applied as part of TuxCare backports for CVE-2026-22740 (commit d8aa04a97f, 2026-06-08) and memory leak fixes (commit e7c90921fd, 2026-04-29). Both doOnDiscard handlers are present in the current code, preventing resource exhaustion from multipa..." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:02a012de-03e3-5480-b9c9-94261bd30b91", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 6.1.21-tuxcare.1 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:cc20b07e-abb7-59ba-81df-f52676046409", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 6.1.21-tuxcare.1 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:007e4a9b-8fa7-5034-b1de-0877585e03aa", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 6.1.21-tuxcare.1 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:490e4a29-9364-50c3-ac6e-1ac7e5c616e2", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 6.1.21-tuxcare.1 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f1ce1de1-38f5-5a02-aeb0-4925ec66979a", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 6.1.21-tuxcare.1 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c2b1384f-3e9c-5044-9740-3393ab6367f4", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 6.1.21-tuxcare.1 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f2f1fc66-4f92-515b-b8f8-45754e26f7fd", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 6.1.21-tuxcare.1 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3fdf2e7f-6b85-55ed-a863-b5e5ba55112e", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 6.1.21-tuxcare.1 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ddf39649-6e6a-5853-b512-cb6ffe31177d", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 6.1.21-tuxcare.1 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e9ab55c7-bfc5-502a-a2a0-dee22c6f856c", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 6.1.21-tuxcare.1 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b83e8686-2237-5d80-9acc-90a6f27e27c0", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 6.1.21-tuxcare.1 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:82f60519-481b-5193-ac03-bb52258a91a9", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 6.1.21-tuxcare.1 of org.springframework:spring-instrument." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-instrument@6.1.21-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-instrument@6.1.21-tuxcare.1" } ] }