{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3f10e2bf-fc9a-500c-934a-4e47b979cb4c", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-jdbc@6.1.21-tuxcare.3", "type": "library", "group": "org.springframework", "name": "spring-jdbc", "version": "6.1.21-tuxcare.3", "purl": "pkg:maven/org.springframework/spring-jdbc@6.1.21-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:ba65e07f-0218-5185-88e9-292f41210e58", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 6.1.21-tuxcare.3 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@6.1.21-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:19790597-0b53-50ab-ad42-fd1e8c3805d6", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 6.1.21-tuxcare.3 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@6.1.21-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:40ddb061-f4d8-569a-93db-2f10c022bb07", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 6.1.21-tuxcare.3 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@6.1.21-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b58b6aa7-9985-5aaf-90fb-17f3693a5b95", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 6.1.21-tuxcare.3 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@6.1.21-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:55a5130c-91ad-547e-b6b2-5422229efdd9", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 6.1.21-tuxcare.3 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@6.1.21-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:aee3aa99-9b9d-5c52-baeb-928a525d33de", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 6.1.21-tuxcare.3 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@6.1.21-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a18b73d2-899b-5b09-af4f-7be4b9dff6ac", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 6.1.21-tuxcare.3 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@6.1.21-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:16b1717e-2420-555b-8243-ff5d1ad56af2", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 6.1.21-tuxcare.3 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@6.1.21-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:aa639c07-2d0c-5b84-be14-ed833786b411", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 6.1.21-tuxcare.3 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@6.1.21-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9d997ae0-9d29-5055-8b52-89b8d2434b3e", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 6.1.21-tuxcare.3 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@6.1.21-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3e1e84f1-3d1d-510f-bfe7-def45414a1fa", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 6.1.21-tuxcare.3 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@6.1.21-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ed3cc7bd-358e-5542-a226-7f47a41c753b", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 6.1.21-tuxcare.3 of org.springframework:spring-jdbc. already_fixed \u2014 The target repository (Spring Framework 6.1.21-tuxcare.6) already contains both upstream patches that address CVE-2026-41840. The fixes were previously applied as part of TuxCare backports for CVE-2026-22740 (commit d8aa04a97f, 2026-06-08) and memory leak fixes (commit e7c90921fd, 2026-04-29). Both doOnDiscard handlers are present in the current code, preventing resource exhaustion from multipa..." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@6.1.21-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1c471fc4-7cdb-5935-97d9-2153af91e134", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 6.1.21-tuxcare.3 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@6.1.21-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:61aaec3d-79b2-5bcb-88ef-e2c692b8e974", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 6.1.21-tuxcare.3 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@6.1.21-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:32d9a5a8-c18a-5ea4-a640-6b54bd2b96ca", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 6.1.21-tuxcare.3 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@6.1.21-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a2dd3916-ce09-5871-95f5-92ed89574094", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 6.1.21-tuxcare.3 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@6.1.21-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:52d3d811-e05f-589a-a965-3baa144d84de", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 6.1.21-tuxcare.3 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@6.1.21-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d361913d-1f5b-5df7-a7cf-2eb756e7f334", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 6.1.21-tuxcare.3 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@6.1.21-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:0fd324ec-5a59-5740-b74a-3d62896d1078", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 6.1.21-tuxcare.3 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@6.1.21-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e56b2841-9b63-5023-b669-9d3a348fac11", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 6.1.21-tuxcare.3 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@6.1.21-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:137d0610-7246-5924-86b4-952587cf6bb1", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 6.1.21-tuxcare.3 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@6.1.21-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a1ad8fd5-17d8-54c4-b0bf-8f04d03c8a71", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 6.1.21-tuxcare.3 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@6.1.21-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:de7fc838-c274-51ce-a50a-2c372e557c89", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 6.1.21-tuxcare.3 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@6.1.21-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b86ebac4-838b-5731-afe3-a0028d4ba7e9", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 6.1.21-tuxcare.3 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@6.1.21-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@6.1.21-tuxcare.3" } ] }