{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:c529bc87-1c28-54bc-9a83-63001e393436", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-webmvc@6.1.21-tuxcare.2", "type": "library", "group": "org.springframework", "name": "spring-webmvc", "version": "6.1.21-tuxcare.2", "purl": "pkg:maven/org.springframework/spring-webmvc@6.1.21-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:6e7a6f3e-c3bd-5962-bb14-04fad87acbe1", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 6.1.21-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ab9e24f9-e092-5385-a751-febb34e0f4cd", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 6.1.21-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7a3db083-099e-5c14-bab8-729231763590", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 6.1.21-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a868431b-0996-5aef-81eb-df55edd58cb8", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 6.1.21-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:09ff5f9f-83a9-5030-8af9-4ae5b6212a9b", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 6.1.21-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f1d72702-8755-5aa0-ac31-03d3ae2d765e", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 6.1.21-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:62c0ff34-6303-5df2-8611-535eced93e4b", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 6.1.21-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f072184e-aab7-5155-89e2-e85d2c4f7495", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 6.1.21-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:af001c2c-d467-5c83-8c5d-38305845b280", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 6.1.21-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e8b6a03c-f299-58a1-9dda-e6bca82f320d", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 6.1.21-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:eeb17ee1-da37-5548-a098-b9d4ed6338e2", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 6.1.21-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f0f8dda3-400d-5227-8f18-e2c9a7f3ae44", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 6.1.21-tuxcare.2 of org.springframework:spring-webmvc. already_fixed \u2014 The target repository (Spring Framework 6.1.21-tuxcare.6) already contains both upstream patches that address CVE-2026-41840. The fixes were previously applied as part of TuxCare backports for CVE-2026-22740 (commit d8aa04a97f, 2026-06-08) and memory leak fixes (commit e7c90921fd, 2026-04-29). Both doOnDiscard handlers are present in the current code, preventing resource exhaustion from multipa..." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f083faed-3631-5420-8abb-e5b09cac5823", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 6.1.21-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d466a0f2-47cc-524d-ac52-000bd092b1b2", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 6.1.21-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ba35917f-999a-53ea-8c98-2de550d7ae5a", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 6.1.21-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c9258ae3-2e9a-5171-9e8c-8a80e634ca52", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 6.1.21-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:789ac94e-942b-572a-b84b-9f0d3beda601", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 6.1.21-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:38998cbe-63ee-5afb-8132-2222acb5fff7", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 6.1.21-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:69cdadbc-5a82-5603-b8dd-fb5bb8ad1882", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 6.1.21-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7b2194e9-7b21-56e8-ba51-346a68753e6f", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 6.1.21-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4a807735-3623-5711-bd96-a9fcfe083d57", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 6.1.21-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:bf794dba-f526-5eec-8941-043895269f51", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 6.1.21-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f55027a6-1ca2-5aac-a6aa-f286f6215121", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 6.1.21-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0832549a-3154-5084-9133-d1ceb764f69c", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 6.1.21-tuxcare.2 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@6.1.21-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@6.1.21-tuxcare.2" } ] }