{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:7b6dbd9f-5a4f-5304-85ba-0e5679f34398", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-test@6.1.20-tuxcare.4", "type": "library", "group": "org.springframework", "name": "spring-test", "version": "6.1.20-tuxcare.4", "purl": "pkg:maven/org.springframework/spring-test@6.1.20-tuxcare.4" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:ccd043b5-59a3-5382-818e-7984076d6bee", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 6.1.20-tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.20-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:67134346-12d3-58da-8db0-56f9648dcb1e", "id": "CVE-2025-41234", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41234 is fixed in version 6.1.20-tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.20-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:63a7e294-8be8-5d0b-b286-b44a7e6356ec", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 6.1.20-tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.20-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:91d219b8-8347-5ecf-bb9d-63af16f1b2c8", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 6.1.20-tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.20-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:02133973-e5bc-5f10-ab73-a90a76f67c89", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 6.1.20-tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.20-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:805d2cfe-022a-521c-886e-f880dec4672f", "id": "CVE-2026-22735", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22735 is fixed in version 6.1.20-tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.20-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:9d51d2d5-c763-5c35-a303-8ab979c1dd4b", "id": "CVE-2026-22737", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22737 is fixed in version 6.1.20-tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.20-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:9e25846e-df1d-5ed9-84da-b6dcf3dc4be7", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 6.1.20-tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.20-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:122374a1-3b81-575c-a648-1cf0692dd2cd", "id": "CVE-2026-22741", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22741 is fixed in version 6.1.20-tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.20-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c586cfe2-390a-550d-a902-dbe6f0a30a35", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 6.1.20-tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.20-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:de878aa5-57ac-59df-b433-4623880a0b10", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 6.1.20-tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.20-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:0e0a271d-5e9f-54ef-84a4-f700dda12b18", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 6.1.20-tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.20-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:5fad674f-3567-5ecc-b5c2-3ed5bcd4c7c5", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 6.1.20-tuxcare.4 of org.springframework:spring-test. already_fixed \u2014 Spring Framework 6.1.20-tuxcare.4 already contains both doOnDiscard handlers that prevent the multipart memory leak vulnerability. The fixes were applied via TuxCare backport commit a6b78f2a1c on May 19, 2026 under CVE-2026-22740, which appears to be the same or closely related vulnerability as CVE-2026-41840." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.20-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:f3f3c156-dd78-54cd-a1f1-2f4a5d07f087", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 6.1.20-tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.20-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:3174613b-2bf0-58e6-85e9-4a776c77dfcd", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 6.1.20-tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.20-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:4b8b6e99-033b-5f4f-bf59-6e2d5d0042a5", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 6.1.20-tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.20-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:f75907ec-2874-5269-8057-109e761f9ad6", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 6.1.20-tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.20-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ed61d854-5ae0-5e17-a592-2846cff24105", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 6.1.20-tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.20-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d624089b-b060-58ac-95e4-7a7700ac5acd", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 6.1.20-tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.20-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:9b3371fe-d508-5b28-a508-69eb1545c37d", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 6.1.20-tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.20-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b5de3489-a3d5-5305-9bab-498d1e230c0d", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 6.1.20-tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.20-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:7533c644-912b-52c5-8779-928bdf872e88", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 6.1.20-tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.20-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:7150cade-57e1-52a9-a92f-f2181831e679", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 6.1.20-tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.20-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:acb2095f-311d-5106-9e55-caf1309d18fc", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 6.1.20-tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.20-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:7bf01ee3-0232-5bb0-8803-a05d290b4428", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 6.1.20-tuxcare.4 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.20-tuxcare.4" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.20-tuxcare.4" } ] }