{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:598dd8a9-5e2f-55a9-8c92-35ae670373d1", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-webmvc@6.1.21-tuxcare.6", "type": "library", "group": "org.springframework", "name": "spring-webmvc", "version": "6.1.21-tuxcare.6", "purl": "pkg:maven/org.springframework/spring-webmvc@6.1.21-tuxcare.6" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:193e17f9-8a36-5331-a0ac-f30d9d3b6899", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 6.1.21-tuxcare.6 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@6.1.21-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:505ba5f9-c085-5982-a8d6-c633b62b53fb", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 6.1.21-tuxcare.6 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@6.1.21-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:a9c612e4-d1d7-5743-ad61-f3aa2fa15514", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 6.1.21-tuxcare.6 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@6.1.21-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:a7f518ed-78d0-56ef-bcd9-4eba47de938e", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 6.1.21-tuxcare.6 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@6.1.21-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:49eb1d1a-99b9-5d77-8f0f-d49d931c192f", "id": "CVE-2026-22735", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22735 is fixed in version 6.1.21-tuxcare.6 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@6.1.21-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:0737471e-19d1-5d5c-9ee1-b0311e0a41b5", "id": "CVE-2026-22737", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22737 is fixed in version 6.1.21-tuxcare.6 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@6.1.21-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:e488beef-d2d3-5efd-9609-d14532edeed8", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 6.1.21-tuxcare.6 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@6.1.21-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:0e82c790-b2a5-5ae7-a946-56d8ba5f8388", "id": "CVE-2026-22741", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22741 is fixed in version 6.1.21-tuxcare.6 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@6.1.21-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:59e4582e-9e57-5dec-b678-7039fb39710e", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 6.1.21-tuxcare.6 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@6.1.21-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:2bb64990-41e8-507a-8e5f-1eb7a8bf45c9", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 6.1.21-tuxcare.6 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@6.1.21-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:db50ae3e-99ed-5151-ad14-64588bb740ef", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 6.1.21-tuxcare.6 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@6.1.21-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:5efc5572-e390-5271-8a18-e62db6f5bd5a", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 6.1.21-tuxcare.6 of org.springframework:spring-webmvc. already_fixed \u2014 The target repository (Spring Framework 6.1.21-tuxcare.6) already contains both upstream patches that address CVE-2026-41840. The fixes were previously applied as part of TuxCare backports for CVE-2026-22740 (commit d8aa04a97f, 2026-06-08) and memory leak fixes (commit e7c90921fd, 2026-04-29). Both doOnDiscard handlers are present in the current code, preventing resource exhaustion from multipa..." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@6.1.21-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:be6787fc-28cf-5128-8535-bc3c89f6d2a5", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 6.1.21-tuxcare.6 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@6.1.21-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:9ce9b7df-670b-59f7-ab4d-65cb86548852", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 6.1.21-tuxcare.6 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@6.1.21-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:6d7e82cb-8621-5df6-bf77-669ebb9c0398", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 6.1.21-tuxcare.6 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@6.1.21-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:99340e46-fa6c-5d23-804a-dcb0f71ab444", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 6.1.21-tuxcare.6 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@6.1.21-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:7cd94353-57ce-53a3-a9b1-dd05e7627a09", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 6.1.21-tuxcare.6 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@6.1.21-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:5027ec41-1de6-5eb3-84ed-d9d0a1c0f0a4", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 6.1.21-tuxcare.6 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@6.1.21-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:c230204e-2ca1-5690-a832-5210ffc5d103", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 6.1.21-tuxcare.6 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@6.1.21-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:1603b30b-3902-50cb-90c7-2a25f69199a3", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 6.1.21-tuxcare.6 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@6.1.21-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:51d8777d-cec1-52be-af62-a02a5fed2d5f", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 6.1.21-tuxcare.6 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@6.1.21-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:cb4ca37c-4f58-523a-a1a0-b45744e674cc", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 6.1.21-tuxcare.6 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@6.1.21-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:7c65eefd-5a8c-5cbb-8246-19201ca803a6", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 6.1.21-tuxcare.6 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@6.1.21-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:db2958b8-8ec5-5f35-be7b-151fb6b17d57", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 6.1.21-tuxcare.6 of org.springframework:spring-webmvc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@6.1.21-tuxcare.6" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-webmvc@6.1.21-tuxcare.6" } ] }