{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:f064cf39-e62a-562b-8304-ad1075dae06d", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-oxm@6.1.21-tuxcare.4", "type": "library", "group": "org.springframework", "name": "spring-oxm", "version": "6.1.21-tuxcare.4", "purl": "pkg:maven/org.springframework/spring-oxm@6.1.21-tuxcare.4" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:3f97719a-e3e5-5274-918b-21b8949cf3e0", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 6.1.21-tuxcare.4 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@6.1.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e5c8ebfc-9028-5a6d-96ed-a3d55412e953", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 6.1.21-tuxcare.4 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@6.1.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:7dd3152d-d927-53b8-b421-e4cbd84d5e44", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 6.1.21-tuxcare.4 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@6.1.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d31b9109-c4ae-5361-9e81-0f9e7c914c29", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 6.1.21-tuxcare.4 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@6.1.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:204e8bcb-536b-5c3b-9c68-37d61f6bcaa2", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 6.1.21-tuxcare.4 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@6.1.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:5e118006-e2ff-51a2-b554-bea530096700", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 6.1.21-tuxcare.4 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@6.1.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e994e127-7c76-5c99-a039-ff5ec6e5db21", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 6.1.21-tuxcare.4 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@6.1.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:55208042-019d-5821-82ee-ffbd1853c179", "id": "CVE-2026-22741", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22741 is fixed in version 6.1.21-tuxcare.4 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@6.1.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:07e5a59e-0f7d-5706-9546-178227bd3165", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 6.1.21-tuxcare.4 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@6.1.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:40b288d9-7ed9-53c3-b922-1cc258bc2180", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 6.1.21-tuxcare.4 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@6.1.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:3061fdf3-6e1c-5394-bae1-bafdce2ab39b", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 6.1.21-tuxcare.4 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@6.1.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d61679a4-4b00-5e8b-817f-b37b5a7532bb", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 6.1.21-tuxcare.4 of org.springframework:spring-oxm. already_fixed \u2014 The target repository (Spring Framework 6.1.21-tuxcare.6) already contains both upstream patches that address CVE-2026-41840. The fixes were previously applied as part of TuxCare backports for CVE-2026-22740 (commit d8aa04a97f, 2026-06-08) and memory leak fixes (commit e7c90921fd, 2026-04-29). Both doOnDiscard handlers are present in the current code, preventing resource exhaustion from multipa..." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@6.1.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:0a401145-c24b-5087-8144-f1add7de84da", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 6.1.21-tuxcare.4 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@6.1.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:5f965a5c-511f-51c7-a2c4-3865bcd0d25a", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 6.1.21-tuxcare.4 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@6.1.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:cdef85ad-f624-592f-ab7f-06cca6597758", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 6.1.21-tuxcare.4 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@6.1.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:fdc003af-d294-553a-ae0d-61dbfd8ac959", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 6.1.21-tuxcare.4 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@6.1.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:8700d92d-a080-5e61-9925-83d84d4592eb", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 6.1.21-tuxcare.4 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@6.1.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:f7fda86b-414d-5828-97b7-d117c7c7afd7", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 6.1.21-tuxcare.4 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@6.1.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:9dc09d18-2bd7-5eb3-bb1d-398086e29072", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 6.1.21-tuxcare.4 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@6.1.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:cff5e0b8-0114-55e8-974a-598b9ae3a0d8", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 6.1.21-tuxcare.4 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@6.1.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ae63b5dd-6adf-5552-bbfe-920ca8e47ca7", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 6.1.21-tuxcare.4 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@6.1.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a5c07d66-c39a-5acb-b669-624fc267828a", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 6.1.21-tuxcare.4 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@6.1.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b9308be8-39a0-5ddf-ae82-daaf3f23ff30", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 6.1.21-tuxcare.4 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@6.1.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:329b951b-c008-5eac-8eb0-0badfb39b28a", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 6.1.21-tuxcare.4 of org.springframework:spring-oxm." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-oxm@6.1.21-tuxcare.4" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-oxm@6.1.21-tuxcare.4" } ] }