{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:a569bc86-e6cc-5439-a353-e53582c78e23", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-test@6.1.21-tuxcare.2", "type": "library", "group": "org.springframework", "name": "spring-test", "version": "6.1.21-tuxcare.2", "purl": "pkg:maven/org.springframework/spring-test@6.1.21-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:17c2a666-9431-511c-9dbd-3cfe75309fd4", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 6.1.21-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5ec0ac2c-ae11-5b11-870f-23d9691af8fd", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 6.1.21-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6532aa97-ffd2-500d-8c26-6d11cc79376f", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 6.1.21-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:cfd2d4f9-142a-531c-8831-eedb95e9f817", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 6.1.21-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a346c679-0704-5816-9920-d0ce4e8f78ec", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 6.1.21-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:659f36fc-18ea-5244-a896-cd40f7788f74", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 6.1.21-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a0369067-238d-5647-aab2-586d83c43baf", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 6.1.21-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d6e7c2f0-5282-54bc-bf24-d65713d88154", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 6.1.21-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e848c404-6e6f-51e9-90b7-1f2784928439", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 6.1.21-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2c765225-1bb8-57e1-bca9-9c9612c161c4", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 6.1.21-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9439f5a9-e55c-501f-a9dc-803eef9bd933", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 6.1.21-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fd1d8898-ee19-5fbc-9b4b-e177cf1a637c", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 6.1.21-tuxcare.2 of org.springframework:spring-test. already_fixed \u2014 The target repository (Spring Framework 6.1.21-tuxcare.6) already contains both upstream patches that address CVE-2026-41840. The fixes were previously applied as part of TuxCare backports for CVE-2026-22740 (commit d8aa04a97f, 2026-06-08) and memory leak fixes (commit e7c90921fd, 2026-04-29). Both doOnDiscard handlers are present in the current code, preventing resource exhaustion from multipa..." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e5775f31-b791-5d2e-88bc-9ccd6061b8cd", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 6.1.21-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:bd971808-39d0-59d3-bb56-ae7511f210fe", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 6.1.21-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a06e01a8-1b5c-5011-80ba-a041b5a39dd6", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 6.1.21-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e478b67a-3c1c-585e-9502-49788c208b2d", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 6.1.21-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:255c9443-42a2-5c60-b402-e739cba76a0d", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 6.1.21-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8be45e19-1f5d-574c-8ed8-9e22b5df9795", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 6.1.21-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:774bc776-9da7-5939-a820-645bb2cdaf7f", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 6.1.21-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ad56e2b3-219f-5560-90ab-7db9fa48b590", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 6.1.21-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e5903738-390f-53a2-9486-77cbcbb5cfc2", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 6.1.21-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:efbe3214-a066-5058-92b6-aa02c908a995", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 6.1.21-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:af901c95-1839-54fe-a6b3-e9011015c895", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 6.1.21-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fa254ca3-3551-5b61-b221-658c97edbdb5", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 6.1.21-tuxcare.2 of org.springframework:spring-test." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.21-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-test@6.1.21-tuxcare.2" } ] }