{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:56e4ba03-0a3e-5f2b-9b5f-e94ec06074eb", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-jcl@6.1.21-tuxcare.2", "type": "library", "group": "org.springframework", "name": "spring-jcl", "version": "6.1.21-tuxcare.2", "purl": "pkg:maven/org.springframework/spring-jcl@6.1.21-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:36a72b99-7922-5128-88c7-0351fc64f5db", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 6.1.21-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:119e66d0-5f36-5a5e-a77a-72f857bd2439", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 6.1.21-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1494e360-10a3-5903-ad5e-06691d469b02", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 6.1.21-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2328d2f3-d306-5bb6-aa8e-7c144d997b1c", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 6.1.21-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:04eaa465-aedf-5ac8-86bd-fe287ea04dc3", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 6.1.21-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d0d6383e-0495-5eae-92c9-946b42849213", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 6.1.21-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f6fe087f-ce3d-5036-910f-cb48920b1261", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 6.1.21-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1b596e7b-5b6f-5fad-a18e-f71dc9629b01", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 6.1.21-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:02613510-1880-52fd-8de8-f3399373de0a", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 6.1.21-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:073e22c7-74cf-5ba8-bae1-373365ab662d", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 6.1.21-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:61e645c1-9ecf-5769-b402-0dba04a5ae3a", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 6.1.21-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:cf2b10ff-8834-5311-b856-3c52e4718f68", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 6.1.21-tuxcare.2 of org.springframework:spring-jcl. already_fixed \u2014 The target repository (Spring Framework 6.1.21-tuxcare.6) already contains both upstream patches that address CVE-2026-41840. The fixes were previously applied as part of TuxCare backports for CVE-2026-22740 (commit d8aa04a97f, 2026-06-08) and memory leak fixes (commit e7c90921fd, 2026-04-29). Both doOnDiscard handlers are present in the current code, preventing resource exhaustion from multipa..." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:569ea35f-6263-5115-a89f-31bca97c4b1f", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 6.1.21-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:eb8e1eb2-e64e-567b-a6ab-2d7060e00d19", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 6.1.21-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:440c566f-fb59-5b38-bdcb-9447097f6082", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 6.1.21-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e0f12137-ba6e-5d50-b7f0-3afaca45d48f", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 6.1.21-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8fd3f0fe-077c-5879-8132-e4d4da8d0471", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 6.1.21-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8aa5a63d-2428-5d62-90c4-6749ac95f7e0", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 6.1.21-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5105e7aa-76af-552c-a24f-c973b2921825", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 6.1.21-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ac14c30f-0c0d-5a72-9257-81d479d16f86", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 6.1.21-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3b37a063-620a-5da2-bf85-853d625c4d49", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 6.1.21-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8ae80b8d-2560-5ff1-9ae6-73fcff2be8f6", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 6.1.21-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:58ce3d33-35c5-59d5-8415-ea76421ef344", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 6.1.21-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3a1fc8c0-8143-50e6-8df0-c0ff990e5008", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 6.1.21-tuxcare.2 of org.springframework:spring-jcl." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jcl@6.1.21-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-jcl@6.1.21-tuxcare.2" } ] }