{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:ff26eab2-3490-5d12-920e-d6805c03a9a2", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-web@6.1.21-tuxcare.1", "type": "library", "group": "org.springframework", "name": "spring-web", "version": "6.1.21-tuxcare.1", "purl": "pkg:maven/org.springframework/spring-web@6.1.21-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:4e9a9d4e-a670-5dfb-8c2c-36008400322d", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 6.1.21-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8e734bbc-02a3-55e2-a948-e4427c16498e", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 6.1.21-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:053719f6-562c-51dd-a3d0-7b833238482c", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 6.1.21-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:512a1486-fb2b-59f9-8da6-8876b782e2e2", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 6.1.21-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b0067841-e8f5-5f31-ba86-c7c0fedd7bf3", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 6.1.21-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4ea0a6c9-be8e-5a77-a739-b63b931ae607", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 6.1.21-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:01fd99fe-5389-52aa-81e3-fb7343d11b50", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 6.1.21-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:adc22613-27f1-5579-b40d-e3527fed830d", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 6.1.21-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:725aeed3-50fe-5b40-8c96-7a10824fea03", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 6.1.21-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0385899b-34a1-5718-b56b-512dacd2e213", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 6.1.21-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3f332949-ec97-5ce2-9e46-b8bc91319fce", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 6.1.21-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:209e133a-00eb-5b00-af90-4c014c104e83", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 6.1.21-tuxcare.1 of org.springframework:spring-web. already_fixed \u2014 The target repository (Spring Framework 6.1.21-tuxcare.6) already contains both upstream patches that address CVE-2026-41840. The fixes were previously applied as part of TuxCare backports for CVE-2026-22740 (commit d8aa04a97f, 2026-06-08) and memory leak fixes (commit e7c90921fd, 2026-04-29). Both doOnDiscard handlers are present in the current code, preventing resource exhaustion from multipa..." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0fc9769e-8641-509e-b536-3e7be55a8079", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 6.1.21-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ad4ceb97-f52d-57e4-9586-622ed6ec0255", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 6.1.21-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5dab2a88-59cd-5cc3-a537-faea808f17e2", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 6.1.21-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7ecb3bd0-fbdf-5ed9-b524-9b2f9d4d2d6b", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 6.1.21-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0710ca77-57ad-5ad7-bf20-085004dc0b1a", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 6.1.21-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:beac05f7-7fea-5cd7-8b9b-8dbeead6160f", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 6.1.21-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:16808d8e-3ee7-585a-9c07-6c62f4db1b6a", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 6.1.21-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:dc92a4ec-4d7e-50cb-b7c0-8ec1872da438", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 6.1.21-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6160b5aa-d4aa-5716-a988-e502365447f7", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 6.1.21-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:93a8af7f-959f-5fdd-825c-09e755bbe149", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 6.1.21-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f41924cc-fb48-5f5e-bd0b-668253635f0f", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 6.1.21-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@6.1.21-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2760c8a7-5ef2-5035-8998-873de0fbdd71", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 6.1.21-tuxcare.1 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@6.1.21-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-web@6.1.21-tuxcare.1" } ] }