{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:800d13a2-53e3-5e1a-a5e7-9fc1f837bdb2", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-jdbc@6.1.20-tuxcare.4", "type": "library", "group": "org.springframework", "name": "spring-jdbc", "version": "6.1.20-tuxcare.4", "purl": "pkg:maven/org.springframework/spring-jdbc@6.1.20-tuxcare.4" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:72527bdc-d478-5ed5-b67d-7c42e03dde81", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 6.1.20-tuxcare.4 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@6.1.20-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:0f1d7359-06d3-5247-92c3-954f832c9aee", "id": "CVE-2025-41234", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41234 is fixed in version 6.1.20-tuxcare.4 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@6.1.20-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:45c8de14-7fd7-5043-95d5-8a924f550920", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 6.1.20-tuxcare.4 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@6.1.20-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:fb1c86a5-50c0-5544-bbd1-892a48b18415", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 6.1.20-tuxcare.4 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@6.1.20-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:299e6780-1b1d-5d44-96da-9228fcf5c180", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 6.1.20-tuxcare.4 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@6.1.20-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:bb8c1455-6f1a-5b55-915a-3cebcdb0bc69", "id": "CVE-2026-22735", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22735 is fixed in version 6.1.20-tuxcare.4 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@6.1.20-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:280b5108-b3e8-5663-b9e8-ac415d71640c", "id": "CVE-2026-22737", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22737 is fixed in version 6.1.20-tuxcare.4 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@6.1.20-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e3c5ee2a-4826-57cd-9956-82ac11cfb43e", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 6.1.20-tuxcare.4 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@6.1.20-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:256ea919-b66a-57ed-87d0-f3125f54a534", "id": "CVE-2026-22741", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22741 is fixed in version 6.1.20-tuxcare.4 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@6.1.20-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b20df2b4-9370-5d2a-b1f2-ae433ee9f66f", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 6.1.20-tuxcare.4 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@6.1.20-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:845ebdf3-10ae-5276-94fd-1177415c5c02", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 6.1.20-tuxcare.4 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@6.1.20-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:0baee291-1d6c-5e98-9157-3f419fdf1704", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 6.1.20-tuxcare.4 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@6.1.20-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:894a5fd4-e000-5e87-9eb7-d0108c71fe99", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 6.1.20-tuxcare.4 of org.springframework:spring-jdbc. already_fixed \u2014 Spring Framework 6.1.20-tuxcare.4 already contains both doOnDiscard handlers that prevent the multipart memory leak vulnerability. The fixes were applied via TuxCare backport commit a6b78f2a1c on May 19, 2026 under CVE-2026-22740, which appears to be the same or closely related vulnerability as CVE-2026-41840." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@6.1.20-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:7d7d52dc-2409-58ef-88d8-133820e7427f", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 6.1.20-tuxcare.4 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@6.1.20-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:6d7dab6a-ed3b-5fc2-855a-60218fcddd7c", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 6.1.20-tuxcare.4 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@6.1.20-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b8af42c6-3068-5e70-b761-4cf022ecd2e5", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 6.1.20-tuxcare.4 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@6.1.20-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:273cc658-823a-58db-b090-b93434fee5ea", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 6.1.20-tuxcare.4 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@6.1.20-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:33e46825-b03d-5a32-aa0a-cc7043c6c596", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 6.1.20-tuxcare.4 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@6.1.20-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:346379e7-f505-5898-9cc8-9daf406c1192", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 6.1.20-tuxcare.4 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@6.1.20-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:8a35a171-246d-512f-9e11-14f10a344754", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 6.1.20-tuxcare.4 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@6.1.20-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c92ce365-2cc5-53bd-b48a-07ae7a03c346", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 6.1.20-tuxcare.4 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@6.1.20-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:917f3182-04be-5a59-9c91-f34ad4e57f16", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 6.1.20-tuxcare.4 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@6.1.20-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:89f143c6-0795-5f86-a66d-3f08d627b025", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 6.1.20-tuxcare.4 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@6.1.20-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b59c9351-4e6b-5501-a26a-f1813a7260c0", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 6.1.20-tuxcare.4 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@6.1.20-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ad69f168-57e9-5177-94c2-25e844803177", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 6.1.20-tuxcare.4 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@6.1.20-tuxcare.4" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@6.1.20-tuxcare.4" } ] }