{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:62103dad-c212-5bcb-9f52-497907d4f8c2", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-tx@5.1.5.RELEASE-tuxcare.2", "type": "library", "group": "org.springframework", "name": "spring-tx", "version": "5.1.5.RELEASE-tuxcare.2", "purl": "pkg:maven/org.springframework/spring-tx@5.1.5.RELEASE-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:a2c99dfb-e3e5-5e1f-ac13-6c99643783ec", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1ee4432a-e467-5356-9c86-149f22a65b6a", "id": "CVE-2020-5398", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2020-5398 is fixed in version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5a88e383-ce3b-5ee5-b415-cf6d28ad8d64", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e1055afa-de29-5b02-bd73-5751338a22c6", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:de0a6657-3bd5-550a-9bd6-1432aae2158e", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0062aedb-66ce-58e3-a3e9-6a70b8b1a93e", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3c37937c-36f6-5e4f-8ff8-2f87a74a635f", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e1b111d4-3936-50fc-bb0b-c2bb6b0624fb", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9299775f-0c81-5dee-8950-ec834896dcf5", "id": "CVE-2022-22970", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22970 is fixed in version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:53d5edc3-9614-523d-9bed-db7cb2058824", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a6001e5c-3530-5233-a91a-09898f4e4901", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4d3d2258-36e3-5361-b74a-386e0af74d46", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3e60caea-649d-503b-9073-9dc9a8442ae4", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6f9e09d6-27f0-5ed2-a92a-1ad83d865e8c", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a9470aeb-c0c8-5193-b844-edf3249da514", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:caf62fb0-bca8-509d-b15b-daee6fbf939e", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0c27db64-75c6-56ea-99a0-2914b49266e6", "id": "CVE-2024-38809", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2024-38809 is a false positive for org.springframework:spring-tx 5.1.5.RELEASE-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:dc9114b0-14e1-5e85-ba25-28d967b57022", "id": "CVE-2024-38816", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38816 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1859004b-ef5e-5395-9b40-b911ade78fe6", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:05f5d6a8-e1a4-5207-a699-860df4b196fb", "id": "CVE-2024-38820", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38820 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:266a8458-0b7d-5d7d-a6a7-eaba526d9239", "id": "CVE-2024-38828", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38828 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c37cd417-bba8-5c8f-ac2f-f627f5da9619", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:23773686-01ea-5900-a6f1-39926276ec5a", "id": "CVE-2025-41234", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41234 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c0da6ec7-70bb-568c-9e90-203802357597", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:41f71371-4211-5b40-8ecf-2eecd9df9d69", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7845cde5-ecf3-576c-aeea-dc3167c5ec9c", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:137c68aa-517d-5004-bf74-d33385102dff", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:55327332-b3cb-57aa-ace5-f63bae95bfc3", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6a28ad0d-a9f5-5c28-ae5d-47665307cfd3", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fc65ec66-d275-5a07-85fc-f900452e2f5e", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3a3f8c1a-0915-5a57-9d35-d8650ed97193", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:22e40312-1f1a-5226-a50b-c7831280a23c", "id": "CVE-2026-41840", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41840 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6740caba-ed48-5c21-a94a-cbd3fbfa814b", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:907747c3-8271-5042-9072-287d4cc3b5b3", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ee74fc3a-de5a-5d42-9e2b-1b0ddb10cf21", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ebf8a54d-8499-56c0-8394-99c6008f3b2b", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ce135a62-dee2-5600-b51b-d106cd79b86b", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:96dcaa3f-a66e-5243-ba64-17fb211961d3", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:58c74edb-a32c-5bf2-8b4d-c2bec04b6e02", "id": "CVE-2026-41847", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41847 does not affect version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-tx. not_affected \u2014 Spring Framework version 5.1.5.RELEASE-tuxcare.2 is NOT affected by CVE-2026-41847. The vulnerability exists in the Kotlin Router DSL filter function, which does not exist in version 5.1.5. The filter function was introduced in version 5.2.17+ (September 2021), after this version was released." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0c9eb806-46ff-5081-bf05-a0dff5fac588", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e267d95e-2e40-526e-8c23-5774fd930a8c", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e9830233-0afe-57c7-ac41-6a1b1d96d862", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6b1d9c77-c0d3-5065-a3df-615fb36483f9", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b621c52b-2141-5f4d-9fd3-6987d83a15a1", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9c6d1fa1-e200-5f3c-939c-66261980cc7a", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0354ba09-b85c-5456-8452-ceab5b40389e", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.1.5.RELEASE-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.1.5.RELEASE-tuxcare.2" } ] }