{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:fc724c07-9b94-5cdc-b0f1-30b3a989eed8", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-test@6.1.21-tuxcare.1", "type": "library", "group": "org.springframework", "name": "spring-test", "version": "6.1.21-tuxcare.1", "purl": "pkg:maven/org.springframework/spring-test@6.1.21-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:d4985a6c-96e0-51a4-a7c6-750ffec82efb", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 6.1.21-tuxcare.1 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0925c3a1-6cb5-5891-94d5-c4f94b540ca3", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 6.1.21-tuxcare.1 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4c0cbf7c-f964-553f-80bb-904da95e8661", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 6.1.21-tuxcare.1 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c45494ac-4ad8-5da1-b47b-3bfbc7a112a3", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 6.1.21-tuxcare.1 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f4e903bd-bb92-512f-a112-c3b583a75adc", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 6.1.21-tuxcare.1 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:13acb934-8f6c-521b-bf74-c78820fa0b25", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 6.1.21-tuxcare.1 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d255bbbe-6011-56d7-a6c1-6ab61c3192c1", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 6.1.21-tuxcare.1 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8307a492-0821-55ff-9379-e545a3916538", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 6.1.21-tuxcare.1 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c9d4114f-6a4e-565f-acf4-dddf5c204559", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 6.1.21-tuxcare.1 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4ca97a12-1c21-5892-89d9-0f70957e5fce", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 6.1.21-tuxcare.1 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d39691f4-41d6-5681-af5b-995af7c8a230", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 6.1.21-tuxcare.1 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:28e7057c-e0be-5561-8cc0-df44cbe0979c", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 6.1.21-tuxcare.1 of org.springframework:spring-test. already_fixed \u2014 The target repository (Spring Framework 6.1.21-tuxcare.6) already contains both upstream patches that address CVE-2026-41840. The fixes were previously applied as part of TuxCare backports for CVE-2026-22740 (commit d8aa04a97f, 2026-06-08) and memory leak fixes (commit e7c90921fd, 2026-04-29). Both doOnDiscard handlers are present in the current code, preventing resource exhaustion from multipa..." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f670db42-8b88-546e-8279-69182da8f9f6", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 6.1.21-tuxcare.1 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d1b980df-e21e-59b0-9c92-9dff31b61f8a", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 6.1.21-tuxcare.1 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e6266163-26e4-5f63-9967-b38e5d32901f", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 6.1.21-tuxcare.1 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d3db6d83-a87b-53b6-828b-70c771d5172d", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 6.1.21-tuxcare.1 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:638d8535-57cc-55f2-82d9-5f1d7fd48904", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 6.1.21-tuxcare.1 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:46aee831-cbc9-5de9-83b9-8f6dc15f2297", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 6.1.21-tuxcare.1 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2da8a495-60ff-5a4b-811c-b78fb61ddaab", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 6.1.21-tuxcare.1 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:20a584d9-7105-5bf7-8831-400ff40cf647", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 6.1.21-tuxcare.1 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:eae66c58-34ef-58a6-bfc9-653368bec866", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 6.1.21-tuxcare.1 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:886ab96d-d0b7-52bd-96d5-4ea45a8c1893", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 6.1.21-tuxcare.1 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4eea8759-fa27-536e-ad54-c97f216609ae", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 6.1.21-tuxcare.1 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:90e5394d-5820-575e-8115-19be03481aa1", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 6.1.21-tuxcare.1 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.21-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.21-tuxcare.1" } ] }