{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:0676294c-80b7-5b3b-9a3a-bbc413e7a062", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-test@6.1.20-tuxcare.2", "type": "library", "group": "org.springframework", "name": "spring-test", "version": "6.1.20-tuxcare.2", "purl": "pkg:maven/org.springframework/spring-test@6.1.20-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:3f3d7bf7-66e9-549f-bf6c-f45fe29e3c86", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 6.1.20-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.20-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ae270d89-10a6-56bb-b473-e38fbf6566c9", "id": "CVE-2025-41234", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41234 is fixed in version 6.1.20-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.20-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:67c5a880-b10d-5f38-a347-46620f66d6a4", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 6.1.20-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.20-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:53da870b-a285-5cd3-b9e5-87f2b367fc34", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 6.1.20-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.20-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b7975045-6cfa-59de-b183-90191e7da826", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 6.1.20-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.20-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d31d6b56-2f2c-5883-b44e-2a52f3706c4d", "id": "CVE-2026-22735", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22735 is fixed in version 6.1.20-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.20-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9c7e91c7-81cd-5c5d-919d-6a6474f8009f", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 6.1.20-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.20-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:69f2cd5d-7ba8-5684-8cb5-cf4a47dae57b", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 6.1.20-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.20-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:32680961-4568-5969-a1c6-b9e807339a30", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 6.1.20-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.20-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b7abd313-ebaa-529e-9f55-07a72784390b", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 6.1.20-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.20-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a7db54b4-1aa1-59bb-9e3c-51dae5820877", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 6.1.20-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.20-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:aff43c25-df18-531f-ad35-4e864aa911d2", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 6.1.20-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.20-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fcdabae4-3220-5f7f-a2a5-40dc3233d4af", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 6.1.20-tuxcare.2 of org.springframework:spring-test. already_fixed \u2014 Spring Framework 6.1.20-tuxcare.4 already contains both doOnDiscard handlers that prevent the multipart memory leak vulnerability. The fixes were applied via TuxCare backport commit a6b78f2a1c on May 19, 2026 under CVE-2026-22740, which appears to be the same or closely related vulnerability as CVE-2026-41840." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.20-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f8d62ac1-0291-5222-a565-f4d254dbe9c6", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 6.1.20-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.20-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:342340b7-887c-51a1-85ab-62ab9d8b6760", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 6.1.20-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.20-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2571515a-ed27-56e9-956f-4c43e8bc3b0d", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 6.1.20-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.20-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:04b22a07-668f-5b69-bff1-a30768b07c9b", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 6.1.20-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.20-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d32de450-9d2c-5229-b920-9ff2a9650870", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 6.1.20-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.20-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5ef77a3b-77ed-57ee-9842-2777d3d8ab0a", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 6.1.20-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.20-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e1549e87-ccaa-5589-8737-13cd20596fe6", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 6.1.20-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.20-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7d7f7fc7-f3da-5716-a3db-c92d68f7285d", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 6.1.20-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.20-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:533086f0-0e9a-57b1-b1ec-c07a23544749", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 6.1.20-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.20-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c7588fb2-1fc4-572b-b3ee-ce1b132c5ed5", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 6.1.20-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.20-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6e9b2903-e215-5832-828c-a51ac047f1a5", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 6.1.20-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.20-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:17125efe-0d12-538a-8d07-81c171305d37", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 6.1.20-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.20-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.20-tuxcare.2" } ] }