{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:b4483025-c9a2-5c90-a314-de319e14e83a", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-tx@4.1.7.RELEASE-tuxcare.2", "type": "library", "group": "org.springframework", "name": "spring-tx", "version": "4.1.7.RELEASE-tuxcare.2", "purl": "pkg:maven/org.springframework/spring-tx@4.1.7.RELEASE-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:ad0d9423-ff70-5806-9646-34df59f306cd", "id": "CVE-2015-5211", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2015-5211 is fixed in version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d5ad92f9-7abc-53fe-bf63-a4c72ca032b2", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:07c7c98c-80da-5ec0-8019-7067ea5f0bb0", "id": "CVE-2016-5007", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2016-5007 is fixed in version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8396fcad-c0d7-585d-bef0-ab0ef0596a63", "id": "CVE-2018-11039", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-11039 is fixed in version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:786fc2d7-c0d8-5a0e-862c-3a8fbac07559", "id": "CVE-2018-11040", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-11040 is fixed in version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5d37230f-c8b7-5ec6-8b30-49e1a9b09719", "id": "CVE-2018-1257", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1257 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b24f9582-e33a-52a8-b573-8fe23e6ad067", "id": "CVE-2018-1270", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1270 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a0ead863-8578-566d-b7d9-e59b27164802", "id": "CVE-2018-1271", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-1271 is fixed in version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b7c93afb-20a2-5f08-ac81-c361b06cf084", "id": "CVE-2018-1272", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-1272 is fixed in version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:163422bc-d3c5-5df8-91bb-5836f706d4fe", "id": "CVE-2018-1275", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1275 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:033f34fa-7d71-59a8-bcf0-5819b8755402", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:40b19e1a-e053-500a-93af-f2b595519d12", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:99e11e02-e38f-572f-b1f4-b43ab04287aa", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:277aa551-3738-5947-9f13-72bf6091c117", "id": "CVE-2022-22950", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22950 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c7bcf66a-cf58-5f95-87ed-1c1cf78083b8", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:862254d0-d97e-577f-a884-6f3c7d5aee37", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0c2745b4-f976-558b-9d5a-cf189db86041", "id": "CVE-2022-22970", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22970 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c0f60603-fc8d-53fb-859c-1552055f1b16", "id": "CVE-2022-22971", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22971 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:610c6547-9042-5da5-97f1-a2450d691a51", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0c5c5781-b0b5-5981-a3ae-fd21794dd1a4", "id": "CVE-2023-20863", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20863 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fbf062c4-fe27-5626-a6c5-74ee8aa88d44", "id": "CVE-2024-22243", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22243 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:429ebb7b-3eb2-5f77-b1fb-6027d3a09583", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:bc2abcf1-72b3-5ea3-8c70-5389fee1b887", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:24317678-6bd7-529c-953e-ee687cf59b88", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7e9f60e1-89f6-5c8e-a6f2-0de20402aded", "id": "CVE-2024-38809", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38809 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:40664c3f-900e-5625-802a-0d0e146ca08e", "id": "CVE-2024-38820", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38820 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0b87611d-3f44-5526-abc1-e03daf95183e", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e55a6189-57be-521d-8ea5-4f4a052aee56", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e327e5b5-9791-5daf-bfc7-44efbce70266", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e4b7a37a-f510-5b32-bdf4-3c33e61fb8e7", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a115b35c-7c16-590f-9fa7-ffb4545c7e11", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:19b1cfc6-81e2-5bcb-b552-44e7ee0c5f04", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:27c77153-e0a0-583d-9146-52f44a94bcc7", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d2cf5e4d-57d0-5d2a-a16a-d39ab5001028", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:cf5d7111-2471-53e7-8cf2-434b85ebd881", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:17a7cfd0-8ebd-51e9-a419-c191c98e2631", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e57ec970-f0c4-593b-90e3-eab6372b77a3", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f865594c-938e-5c57-8812-4a816fa6c657", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7e14f9d8-bee8-5d0d-b9c6-dbe4d7495759", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7fd18634-6836-5b55-bd0c-9309e54711b8", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e94fa1a9-2fc0-537b-8252-e809fef85ad1", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c6864ca0-d51d-5288-bacf-94d07dab0748", "id": "CVE-2026-41852", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41852 does not affect version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-tx. not_affected \u2014 Spring Framework 4.1.7.RELEASE is not affected by CVE-2026-41852. The vulnerability requires record-style property accessor support (empty-prefix method lookup), which was introduced in Spring 5.2+ and does not exist in version 4.1.7. While this version lacks void return type validation for getter methods, it cannot invoke arbitrary zero-argument methods as described in the CVE." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:069256c3-dbb8-578f-903a-9d4fcb38c540", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f2ddd61a-0e7e-5a54-991f-4d1023762399", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@4.1.7.RELEASE-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-tx@4.1.7.RELEASE-tuxcare.2" } ] }