{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:acd77421-e05f-5e41-8b76-c6ada93f4474", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-orm@6.1.21-tuxcare.1", "type": "library", "group": "org.springframework", "name": "spring-orm", "version": "6.1.21-tuxcare.1", "purl": "pkg:maven/org.springframework/spring-orm@6.1.21-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:3570fd46-1de7-50da-9127-8ac68fa6de86", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 6.1.21-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:60c5423d-33fe-501f-9c8d-c804ade1b287", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 6.1.21-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:af9239f0-d903-5d31-a80d-b689804a9e87", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 6.1.21-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5b97d2b2-1fcb-5fa3-bc8d-431b3a02c885", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 6.1.21-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ce95779e-36b5-5bf6-82dd-f7c346b113e0", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 6.1.21-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:40b2c5ce-5992-50ca-bb6d-ffb857ecedc6", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 6.1.21-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:20d38bb4-320f-5373-821a-fbba9203ad06", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 6.1.21-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:995e7aa8-62c3-5233-bbe3-c13f06e249a8", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 6.1.21-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ead55d2f-c93b-54c5-99d0-44add19a0ff1", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 6.1.21-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b63ac580-5a6a-5451-86a1-0df948f36c72", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 6.1.21-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:cfca822f-f959-504b-97bb-a8225a5d6624", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 6.1.21-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:90984e36-53b5-5060-b514-d4ec92e861e1", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 6.1.21-tuxcare.1 of org.springframework:spring-orm. already_fixed \u2014 The target repository (Spring Framework 6.1.21-tuxcare.6) already contains both upstream patches that address CVE-2026-41840. The fixes were previously applied as part of TuxCare backports for CVE-2026-22740 (commit d8aa04a97f, 2026-06-08) and memory leak fixes (commit e7c90921fd, 2026-04-29). Both doOnDiscard handlers are present in the current code, preventing resource exhaustion from multipa..." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0d64925a-fe6d-5cbe-92b6-28f0fe7df7d9", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 6.1.21-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:48b9e838-c23e-5f0b-b13f-9b320e3a6412", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 6.1.21-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e7639b3a-5766-5d26-8446-f7924621c790", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 6.1.21-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:dbb02de2-a2eb-56e1-be2d-ca84bb1ae54b", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 6.1.21-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e84b066e-93f6-5eae-92a8-c6b7733ffabe", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 6.1.21-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:18722116-a2ab-507b-92f1-4d50ecf054c8", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 6.1.21-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9d3316fc-64ea-57c9-90f4-7fb556cfacc6", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 6.1.21-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4a1446ee-0506-56a7-a828-ea2500d78713", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 6.1.21-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:eb8b5057-52ba-5277-b9d2-119e3c569255", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 6.1.21-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2c0a2557-8ccc-5855-bbbc-7e06d20ad3dc", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 6.1.21-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a06008e1-816e-500a-9aff-eb55c426b4cb", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 6.1.21-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:34fb1b89-8bcf-5e14-ad86-7910d7779123", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 6.1.21-tuxcare.1 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@6.1.21-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-orm@6.1.21-tuxcare.1" } ] }