{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:f27ae0ca-ae6d-5a0f-97d8-ded1f03ee91a", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-orm@6.1.21-tuxcare.3", "type": "library", "group": "org.springframework", "name": "spring-orm", "version": "6.1.21-tuxcare.3", "purl": "pkg:maven/org.springframework/spring-orm@6.1.21-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:11ff44d7-f68a-5fba-aa9c-b32488b006aa", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 6.1.21-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@6.1.21-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:680daa29-6eb7-52b7-a9cc-bd6c4baaf684", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 6.1.21-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@6.1.21-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f58ca7d6-9978-51a2-8d5a-9b8511641514", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 6.1.21-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@6.1.21-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:30439655-d3a4-58cc-8c11-bca380079949", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 6.1.21-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@6.1.21-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:637a981e-7da2-59fc-878c-47c568aac214", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 6.1.21-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@6.1.21-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1a4de7c6-38bc-56dc-aca5-ff56176fd1b5", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 6.1.21-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@6.1.21-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c677251e-1057-5d64-9956-9ad2ac23bb91", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 6.1.21-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@6.1.21-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3a7d454f-e01f-56f7-bf93-8fc54c55c771", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 6.1.21-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@6.1.21-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:37c1609f-8b92-5d30-9007-e23c4e251876", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 6.1.21-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@6.1.21-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:7deb5090-7b18-595d-8960-2ad49a2256f0", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 6.1.21-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@6.1.21-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:29695a39-5fe0-55a4-a1ca-cced388b02a6", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 6.1.21-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@6.1.21-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3458f687-986b-5bd3-878f-9c234323ee40", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 6.1.21-tuxcare.3 of org.springframework:spring-orm. already_fixed \u2014 The target repository (Spring Framework 6.1.21-tuxcare.6) already contains both upstream patches that address CVE-2026-41840. The fixes were previously applied as part of TuxCare backports for CVE-2026-22740 (commit d8aa04a97f, 2026-06-08) and memory leak fixes (commit e7c90921fd, 2026-04-29). Both doOnDiscard handlers are present in the current code, preventing resource exhaustion from multipa..." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@6.1.21-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8d870a31-8add-5676-a5e7-7954cd819ab7", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 6.1.21-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@6.1.21-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d09266ff-a71c-5af7-8371-4baed59c6e2a", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 6.1.21-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@6.1.21-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:0b5437fc-60e3-51fe-9aa7-592d24b3b2a4", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 6.1.21-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@6.1.21-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:bc523dfd-fa1d-5e59-9919-9f7c47e2272b", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 6.1.21-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@6.1.21-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:16972f06-4e0f-5dd4-8685-79b7efc0f4a5", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 6.1.21-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@6.1.21-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:00aadf9e-4232-5006-be6a-b418c8306591", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 6.1.21-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@6.1.21-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ac3e79d7-3c41-53c6-9f75-3f749b29eb85", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 6.1.21-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@6.1.21-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:851dc65f-a111-58a7-a5f8-221a66eedc21", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 6.1.21-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@6.1.21-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b0317b9f-c6f7-5421-8e97-12868aa2a158", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 6.1.21-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@6.1.21-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a7f50f78-082b-584b-bb2a-3406030e3779", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 6.1.21-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@6.1.21-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:70f5dcc1-2814-56be-88af-74763cdbd510", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 6.1.21-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@6.1.21-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:969fd4c4-a1e5-5110-a413-b7d202bd5c3b", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 6.1.21-tuxcare.3 of org.springframework:spring-orm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-orm@6.1.21-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-orm@6.1.21-tuxcare.3" } ] }