{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:4bd957f6-47b7-5c3c-ab22-c70382e02a11", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-jdbc@6.1.21-tuxcare.5", "type": "library", "group": "org.springframework", "name": "spring-jdbc", "version": "6.1.21-tuxcare.5", "purl": "pkg:maven/org.springframework/spring-jdbc@6.1.21-tuxcare.5" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:e6cddfce-c4c3-56d1-a22d-3e8024a99b56", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 6.1.21-tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@6.1.21-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:f0459f40-2723-5feb-bef1-bfc9016a7432", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 6.1.21-tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@6.1.21-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:14ce2633-80c7-51fa-99f2-c283b8bab290", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 6.1.21-tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@6.1.21-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:4e18da03-8e88-56ea-ac0c-3e313fea8bdf", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 6.1.21-tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@6.1.21-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:8c21a948-335b-55a0-8de6-f5dcfeec4434", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 6.1.21-tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@6.1.21-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:f4bf0e1c-a485-5d55-ac89-dd340b171562", "id": "CVE-2026-22737", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22737 is fixed in version 6.1.21-tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@6.1.21-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:be1f0af2-449f-550b-87cc-393eb4bca141", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 6.1.21-tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@6.1.21-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:cf701fc0-d44a-56a5-a884-60066382398f", "id": "CVE-2026-22741", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22741 is fixed in version 6.1.21-tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@6.1.21-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:ffe4e4cc-13eb-5f20-b964-2862db612795", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 6.1.21-tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@6.1.21-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:f6007d1b-aa1b-5a58-af0d-ca5448ea30ec", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 6.1.21-tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@6.1.21-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:cdc670a4-0c7d-521b-a57d-36b403eeb9a4", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 6.1.21-tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@6.1.21-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:0b05c345-6b06-537c-983f-b9076e1e4bd3", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 6.1.21-tuxcare.5 of org.springframework:spring-jdbc. already_fixed \u2014 The target repository (Spring Framework 6.1.21-tuxcare.6) already contains both upstream patches that address CVE-2026-41840. The fixes were previously applied as part of TuxCare backports for CVE-2026-22740 (commit d8aa04a97f, 2026-06-08) and memory leak fixes (commit e7c90921fd, 2026-04-29). Both doOnDiscard handlers are present in the current code, preventing resource exhaustion from multipa..." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@6.1.21-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:46b1a41f-c321-5e98-8356-bba904fa6116", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 6.1.21-tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@6.1.21-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:e21f00c9-799f-5aaf-89ff-929a884cb0b2", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 6.1.21-tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@6.1.21-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:3099e223-3a4d-5799-94ea-48fcb37f8b58", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 6.1.21-tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@6.1.21-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:adcd7ff8-0ab5-5067-bd8e-befb654c7859", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 6.1.21-tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@6.1.21-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:b7d73594-c3ff-56a5-a2d9-0703d4728fd4", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 6.1.21-tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@6.1.21-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:17def46d-2129-539a-9b3d-70f6a5a9c66a", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 6.1.21-tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@6.1.21-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:645ae981-0373-5b3d-8855-678954f3e2e9", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 6.1.21-tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@6.1.21-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:0e14208a-9e07-53f7-b18a-666e0cbbb111", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 6.1.21-tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@6.1.21-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:67c89795-713e-5735-aafc-264600939641", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 6.1.21-tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@6.1.21-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:92df126c-c96d-5a17-bd84-e2eb2a94605b", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 6.1.21-tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@6.1.21-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:7443978b-5872-55d7-b9ac-4e9cf071f4eb", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 6.1.21-tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@6.1.21-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:93c6c7a3-d93c-5821-8fb6-aaa24402a54a", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 6.1.21-tuxcare.5 of org.springframework:spring-jdbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@6.1.21-tuxcare.5" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-jdbc@6.1.21-tuxcare.5" } ] }