{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:9f60174d-85a6-5900-be5c-a39cf307f730", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-orm@6.1.21-tuxcare.2", "type": "library", "group": "org.springframework", "name": "spring-orm", "version": "6.1.21-tuxcare.2", "purl": "pkg:maven/org.springframework/spring-orm@6.1.21-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:2df6ae4f-1198-5535-b2ae-4b6f961717f2", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 6.1.21-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:78663728-459a-5941-ad14-17b9129c9722", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 6.1.21-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6c896964-2cc3-593e-a088-88b35348bd68", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 6.1.21-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:da28dc1f-b547-5f49-917e-6abdf0bf3c12", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 6.1.21-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4e81885f-9232-5a23-9893-7826a36165fb", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 6.1.21-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a443dba0-01a9-5765-90b6-84478a20b6af", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 6.1.21-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:86b05e7f-a413-5ab6-a613-418a8f4289c6", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 6.1.21-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:698b368c-1406-5582-9fab-fcccf48522a6", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 6.1.21-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c196d8c2-f4a1-5f0e-b0f3-3587f730354a", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 6.1.21-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:39bb46cc-f533-58a7-8cb5-4a5c04167ae6", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 6.1.21-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:221e81d6-cbfb-503e-b94c-479a1e65e5ba", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 6.1.21-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b5ce8268-3125-581b-a468-54caa235c4f2", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 6.1.21-tuxcare.2 of org.springframework:spring-orm. already_fixed \u2014 The target repository (Spring Framework 6.1.21-tuxcare.6) already contains both upstream patches that address CVE-2026-41840. The fixes were previously applied as part of TuxCare backports for CVE-2026-22740 (commit d8aa04a97f, 2026-06-08) and memory leak fixes (commit e7c90921fd, 2026-04-29). Both doOnDiscard handlers are present in the current code, preventing resource exhaustion from multipa..." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d8944ed1-2ea7-5f2b-a0f0-7fa1b80a3c5a", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 6.1.21-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:458a6f7e-c6db-5456-8cc2-c8e451b8f62f", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 6.1.21-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7ef5f68d-f279-5744-b32a-d8dd84020df2", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 6.1.21-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:14ad1538-4c58-5a45-a12f-4cc04c8e9cae", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 6.1.21-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0c582324-6dce-5e87-9c73-e22683d4a485", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 6.1.21-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5c5fa983-9b79-5a6d-a6f2-4d65ce815ea5", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 6.1.21-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:24a3496d-545f-59aa-83c5-219c47332c4b", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 6.1.21-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a5695c17-9ed7-5907-8352-818af06c2330", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 6.1.21-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:af9a3382-70e3-5881-8a34-79bda6486a60", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 6.1.21-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fc6b04dc-bf40-5abd-9322-701c5ec2ad46", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 6.1.21-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0f58a9b0-9732-5fd0-875b-d1c50a808900", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 6.1.21-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:40c5c4a4-b0cb-5b50-97eb-5feafe6c9dd0", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 6.1.21-tuxcare.2 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@6.1.21-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-orm@6.1.21-tuxcare.2" } ] }