{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:bd9618fc-ebaa-55bd-b9d6-b0768d70e80d", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-tx@4.3.30.RELEASE-tuxcare.2", "type": "library", "group": "org.springframework", "name": "spring-tx", "version": "4.3.30.RELEASE-tuxcare.2", "purl": "pkg:maven/org.springframework/spring-tx@4.3.30.RELEASE-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:3880bc86-deb4-5e9a-9b4c-1503599c2365", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:48ce3546-a84c-55c7-b07c-3011e8243e99", "id": "CVE-2020-5397", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5397 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7f438048-262c-5a10-a26c-49886464b4ea", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:225a892c-0588-5caa-a736-54512712bccf", "id": "CVE-2021-22060", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22060 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2b1dc70e-50e9-5c39-a663-860547711e19", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:cc0762a4-0f3b-57f9-9e57-6d95351c4823", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:130d3d82-7fde-57b9-a9e2-c0a50de7ce74", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d9670ce3-5cc3-5e4e-a3ba-5da80d4bbe6b", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d8891393-1ee2-5134-9c4e-534b9764f5b5", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:75ea0fb4-c168-5889-af8b-d7bde8e67a31", "id": "CVE-2022-22970", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22970 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1de733c0-440a-5823-a335-902fc2c59a5a", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2dbdb859-e0a1-5978-be49-4d6778db42b5", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:884da92a-cace-573f-aede-dfa11f270e5a", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:39eccda8-8321-5ad1-a986-0843828bdb18", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f66a0f9f-da24-5ea4-b831-e888eac77ec7", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:eb35cba3-09ff-52db-aa3d-6c99b966ccb5", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:475b56ce-ff4d-50e5-92f4-d6f8946ff32d", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4cb70017-9b0c-52ae-aacb-bd71eed64d05", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:abb45ed7-7f37-5299-b81c-baa55e81033e", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:44198def-24cb-53b7-bdcd-de5f7995ed47", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:68b4f6bc-d240-5030-bdb5-fde25d3625be", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a76cb253-8ccd-595c-a61e-7a263c21578e", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2d963395-7eaf-5933-b6e4-b59cdf4f44b5", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:99f0a9e0-543d-5bba-a7ef-b0b91f90d232", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8049a309-e871-5dcb-9ba6-98764684ec6b", "id": "CVE-2026-22740", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-22740 does not affect version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-tx. CVE-2026-22740 is a WebFlux-specific vulnerability (reactive multipart temp-file cleanup in org.springframework.http.codec.multipart.MultipartHttpMessageReader / PartGenerator). Spring Framework 4.3.30.RELEASE predates WebFlux entirely - the org.springframework.http.codec package does not exist in this version, and there is no reactive multipart code path. Per NVD, affected versions are 5.3.x, 6.1.x, 6.2.x, 7.0.x only; Spring 4.x is not in the affected range." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e30311fa-2594-5cbf-b0ea-ce007d36d91d", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6f18a7d4-a333-58cf-91b5-361ce758f7ec", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:791f2ca7-5d3c-52c2-b538-db26948218fc", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:35d9939a-34e9-557f-968e-af37fc9ac102", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a46c714a-f45d-5fde-a5c1-7d53ca461c42", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f647d62f-022b-5272-b045-44d774f17944", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1e58cd91-7441-5d95-906d-4e24de95d668", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7c600b3f-8590-5130-99e5-72f90755319e", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2d650974-6d20-574e-8876-f52e46688e5f", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f0093b62-9c2a-5b85-8c73-4803312ac57f", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6fcc72b7-b0a9-5a17-bbea-11333bc55fec", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c295f24e-5b8e-5087-84a2-882f921ad723", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:071d0443-0aa8-54a2-99b6-f9cd0803d276", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:88fb1d1e-562b-57dc-83b2-3902c184260e", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e5f95a12-526c-5c66-af87-8e024ab507e8", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@4.3.30.RELEASE-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-tx@4.3.30.RELEASE-tuxcare.2" } ] }