{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:bb24a9ee-c937-520b-8185-ebd4b20608f7", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-web@6.1.21-tuxcare.2", "type": "library", "group": "org.springframework", "name": "spring-web", "version": "6.1.21-tuxcare.2", "purl": "pkg:maven/org.springframework/spring-web@6.1.21-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:d0820cac-f869-56ad-a706-9094481bffa8", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 6.1.21-tuxcare.2 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a751db52-ad29-5d04-9d92-7208342a5e60", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 6.1.21-tuxcare.2 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f2e3367d-391f-52d4-80f3-c81ca3fea886", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 6.1.21-tuxcare.2 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8e8dc15d-73c8-56cd-bfc6-c6c467be9dd1", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 6.1.21-tuxcare.2 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e36e2e7d-ab28-523c-9f21-45acbf864bae", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 6.1.21-tuxcare.2 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:dab4d3fc-6f9f-59ca-b04d-bd219932d1f8", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 6.1.21-tuxcare.2 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:21c6ec80-2334-555a-9af7-e0f1f49944c5", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 6.1.21-tuxcare.2 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:86ac19d8-6749-5472-b06d-e61228374845", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 6.1.21-tuxcare.2 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:84abb765-5991-59d2-9d01-2f0f0fa46ce3", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 6.1.21-tuxcare.2 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:21875a48-d8e2-55bc-b320-37afc26dd285", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 6.1.21-tuxcare.2 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b68a4c62-19d3-538d-99ff-bed0d43aea1d", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 6.1.21-tuxcare.2 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4b15d439-d9e6-5b19-b285-18ddc37510bf", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 6.1.21-tuxcare.2 of org.springframework:spring-web. already_fixed \u2014 The target repository (Spring Framework 6.1.21-tuxcare.6) already contains both upstream patches that address CVE-2026-41840. The fixes were previously applied as part of TuxCare backports for CVE-2026-22740 (commit d8aa04a97f, 2026-06-08) and memory leak fixes (commit e7c90921fd, 2026-04-29). Both doOnDiscard handlers are present in the current code, preventing resource exhaustion from multipa..." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c7f57c4f-8dd2-5aaf-8a31-fe973a15f62d", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 6.1.21-tuxcare.2 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b3521565-b1a6-5d30-8c2a-c3a0fe0cb838", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 6.1.21-tuxcare.2 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:88b57064-c32e-5cb2-8efa-0ecad29f5322", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 6.1.21-tuxcare.2 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a0d6f2f8-fdc6-5dd0-b168-073f1e657e72", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 6.1.21-tuxcare.2 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:101af921-b1dc-52c3-be22-8ef06001abc0", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 6.1.21-tuxcare.2 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:629a3ab0-1b91-524a-b681-0d4a53ad9832", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 6.1.21-tuxcare.2 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f893907a-988c-574a-a2cc-2d738bca285e", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 6.1.21-tuxcare.2 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c95932a0-a32e-5593-9805-083cc372506f", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 6.1.21-tuxcare.2 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:95dfc912-13b3-5185-827c-5a19872d0900", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 6.1.21-tuxcare.2 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f4058f01-e277-5916-aec7-915c5432e1db", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 6.1.21-tuxcare.2 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ad14a803-f45e-5850-805e-fefd792f65df", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 6.1.21-tuxcare.2 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9903bff1-2d97-588b-9459-02b3aca07a98", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 6.1.21-tuxcare.2 of org.springframework:spring-web." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-web@6.1.21-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-web@6.1.21-tuxcare.2" } ] }