{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:88632620-05a0-539a-97b8-46f21481417d", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-test@6.1.20-tuxcare.1", "type": "library", "group": "org.springframework", "name": "spring-test", "version": "6.1.20-tuxcare.1", "purl": "pkg:maven/org.springframework/spring-test@6.1.20-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:c66216d1-ac12-5988-b88e-58c4d680956d", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 6.1.20-tuxcare.1 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.20-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8abca44d-28b7-5d27-ab2a-e125435d601e", "id": "CVE-2025-41234", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41234 is fixed in version 6.1.20-tuxcare.1 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.20-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b243dcb6-dd35-5e0a-b7fa-6193669c9c31", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 6.1.20-tuxcare.1 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.20-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e45e597f-e854-556a-ad0a-ccf34cfd6d2c", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 6.1.20-tuxcare.1 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.20-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7a2559a7-9999-5599-a589-7c6c4feaa0ac", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 6.1.20-tuxcare.1 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.20-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ea014f25-67a7-517d-a8ad-51cfae0e00ae", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 6.1.20-tuxcare.1 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.20-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3bee1e3c-2119-5f35-a2fe-aea54f37ae13", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 6.1.20-tuxcare.1 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.20-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6703a888-4ed3-597e-b8ae-bff102bab00e", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 6.1.20-tuxcare.1 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.20-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:71c9b5bd-4dd9-5768-8057-dd65b52bdbad", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 6.1.20-tuxcare.1 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.20-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:cb18699f-e8d5-5d3e-bbda-8dc2176f1b17", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 6.1.20-tuxcare.1 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.20-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ec61999e-5000-5023-aced-a587aa9c8276", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 6.1.20-tuxcare.1 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.20-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fd25ce3d-47ec-5b60-bc12-063e57616bd8", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 6.1.20-tuxcare.1 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.20-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e49fbc17-1b05-5504-ba1a-6ba941efc251", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 6.1.20-tuxcare.1 of org.springframework:spring-test. already_fixed \u2014 Spring Framework 6.1.20-tuxcare.4 already contains both doOnDiscard handlers that prevent the multipart memory leak vulnerability. The fixes were applied via TuxCare backport commit a6b78f2a1c on May 19, 2026 under CVE-2026-22740, which appears to be the same or closely related vulnerability as CVE-2026-41840." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.20-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d0af49eb-7617-5ca0-ab6b-70af0a3f2c3a", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 6.1.20-tuxcare.1 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.20-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e35bb196-3051-5bd3-93a4-4f19cc87fa98", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 6.1.20-tuxcare.1 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.20-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9486d3ce-bda4-512c-ae13-53ae1d92c12a", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 6.1.20-tuxcare.1 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.20-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7edbeb09-7473-5577-abea-adfbcdd971ab", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 6.1.20-tuxcare.1 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.20-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d0ff52d4-09ca-5d71-9554-43223919b115", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 6.1.20-tuxcare.1 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.20-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ac6138d9-96d1-56a6-8e73-e19121476762", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 6.1.20-tuxcare.1 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.20-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d28e7812-a889-5dff-b03b-92789763e60f", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 6.1.20-tuxcare.1 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.20-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:be66e7af-c1ed-56e0-b3bd-cd400ea32cdf", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 6.1.20-tuxcare.1 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.20-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:bbe611a3-34bd-5633-bcb4-da66f25e5f54", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 6.1.20-tuxcare.1 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.20-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5f5ae11d-383c-58b4-8a83-3f3032eb2914", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 6.1.20-tuxcare.1 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.20-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4d6e9f9c-5d6e-5b55-97db-09baf1230978", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 6.1.20-tuxcare.1 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.20-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f054a52c-088b-5869-9e8c-1a811bf031f2", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 6.1.20-tuxcare.1 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.20-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.20-tuxcare.1" } ] }