{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:41f0180f-4b74-58ef-86d0-cd8899666fa8", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-webmvc@6.1.20-tuxcare.1", "type": "library", "group": "org.springframework", "name": "spring-webmvc", "version": "6.1.20-tuxcare.1", "purl": "pkg:maven/org.springframework/spring-webmvc@6.1.20-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:f704460d-e1a2-5579-88ee-08d3b03cfadf", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 6.1.20-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@6.1.20-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:79e371f4-059b-5010-b0ad-b41a3a9b0188", "id": "CVE-2025-41234", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41234 is fixed in version 6.1.20-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@6.1.20-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:17e48719-85d2-5290-af19-68d8d1e3f355", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 6.1.20-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@6.1.20-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7e7a6da9-9b42-5a98-be85-cc39743012d0", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 6.1.20-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@6.1.20-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ae1eded0-d66a-5656-994c-d1692d568ebe", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 6.1.20-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@6.1.20-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2898fb38-d53f-562e-b8a2-649bc305b2a0", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 6.1.20-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@6.1.20-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8d3956e0-faec-5a5e-a49c-db0de522ca03", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 6.1.20-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@6.1.20-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:46d16b16-52b7-5b52-9cf0-36f146a98382", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 6.1.20-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@6.1.20-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:77f1efb8-a007-5d8b-89bd-4b768c014b0b", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 6.1.20-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@6.1.20-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1ffd377a-dd10-595e-a19d-c1831afd4dec", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 6.1.20-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@6.1.20-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a46849a2-f7dd-51ff-ae8c-360d9bd34f92", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 6.1.20-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@6.1.20-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:97cef725-6df5-5aa6-a724-83dec1de46f3", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 6.1.20-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@6.1.20-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7bfc324c-537f-51b6-a761-759a810f3b5e", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 6.1.20-tuxcare.1 of org.springframework:spring-webmvc. already_fixed \u2014 Spring Framework 6.1.20-tuxcare.4 already contains both doOnDiscard handlers that prevent the multipart memory leak vulnerability. The fixes were applied via TuxCare backport commit a6b78f2a1c on May 19, 2026 under CVE-2026-22740, which appears to be the same or closely related vulnerability as CVE-2026-41840." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@6.1.20-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7ef90ff8-2364-55c8-afab-c3a09e65f552", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 6.1.20-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@6.1.20-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1c928110-111a-5e24-8475-d388c1e303d5", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 6.1.20-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@6.1.20-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:bf457e03-d0de-529c-89e4-c9ba9863035b", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 6.1.20-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@6.1.20-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:dbec36f3-aba8-5276-8fca-7e0c6f5bb435", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 6.1.20-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@6.1.20-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6f60fbe9-1b69-5227-9f58-af8c2adae946", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 6.1.20-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@6.1.20-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:79042814-57c7-5a9e-abd1-2d2a58b9dbb6", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 6.1.20-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@6.1.20-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b9d42d55-8e83-5297-942e-fa17a0a7b384", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 6.1.20-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@6.1.20-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9f11fdcf-232c-594c-94f4-fd093c0c21a5", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 6.1.20-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@6.1.20-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b44b1dc4-0950-5a3b-9541-12df0969b71f", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 6.1.20-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@6.1.20-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:94313bd8-be93-5d8d-8f11-5d317c64e263", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 6.1.20-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@6.1.20-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d378957d-1f2e-537d-97e6-72cb030265ba", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 6.1.20-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@6.1.20-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b49189fe-3773-54b3-a2bd-bc3c628cd9f8", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 6.1.20-tuxcare.1 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@6.1.20-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@6.1.20-tuxcare.1" } ] }