{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3d317ce0-acc7-5475-b03f-0342fd4f595b", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-tx@5.2.13.RELEASE-tuxcare.1", "type": "library", "group": "org.springframework", "name": "spring-tx", "version": "5.2.13.RELEASE-tuxcare.1", "purl": "pkg:maven/org.springframework/spring-tx@5.2.13.RELEASE-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:5f10b83f-8bb1-5fab-8cdc-7935b050b3d4", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:da6118b1-ff3b-5a3f-b01b-ce9533aea9b4", "id": "CVE-2021-22060", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22060 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e0244549-428c-5a0a-8529-e272848523b7", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:65a44f21-157b-54eb-a388-700a24b511a0", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:81ca0dca-57f2-55e6-9e94-31cc76fa9938", "id": "CVE-2022-22950", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22950 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:522c08c8-b1ab-5d65-9d6d-affb6bdc1b52", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9cb24096-5527-5409-90c6-b5e3c9677444", "id": "CVE-2022-22968", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22968 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2c5bd6db-b895-5931-a03e-27a8f5f9369a", "id": "CVE-2022-22970", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22970 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fe5d004a-8e58-52fc-9ca5-d5e7e74bf252", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:baf50821-6373-5f0e-9cf4-29337f454232", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7ee664e9-c932-5127-96ae-20f1c9823192", "id": "CVE-2023-20863", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20863 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1b892d5e-d85e-5c9d-a41f-aef2600299c1", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f87673b1-0585-5e62-9c95-36b10cc9cf21", "id": "CVE-2024-22259", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22259 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:40d6545b-7442-5725-9066-f6251a2dd5e1", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4e42f39a-500b-501a-a99f-d0ad6c4503f9", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:43470ce8-334c-5638-b6c5-c2a1882ec482", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:bffcfb23-b025-5cd5-a6f5-212ce82d483e", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9be4393a-7c35-5f84-b1c1-62b6a09154ce", "id": "CVE-2024-38820", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38820 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fa04fe03-e0f8-51a3-9cb2-e8357b867303", "id": "CVE-2024-38828", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38828 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e3b097ee-f73e-5a78-8d03-15ca1047f35b", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b7570313-17ef-5a07-b85e-f51b5f8b9cd1", "id": "CVE-2025-41234", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41234 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f44d8695-0d05-5ab7-b6f9-79e6be196993", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:81f8e127-41b6-510d-afe1-111c0e14fec5", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:47adf4fa-0719-5f2f-b81c-c9889425f993", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:079bb411-6375-5e74-86b6-1b647271e62c", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:30d75e61-b4fb-590f-a16d-0ed9594bc16b", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f4d2576c-b7ff-5793-9e35-2d9b73b3fdbd", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ebcbb017-208d-5f51-9443-28ac238e5814", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ff28a6b9-aedb-5081-a0eb-76042ff60b93", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-tx. not_affected \u2014 Version 5.2.13.RELEASE uses a fundamentally different multipart parsing architecture (Synchronoss NIO library) that does not contain the vulnerable components targeted by CVE-2026-41840. The CVE explicitly lists affected versions starting at 5.3.0+, and the patches fix issues in PartGenerator and MultipartParser classes that do not exist in this version." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8805365a-9a9a-5206-ae5f-65d7b0b2a856", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7b46273a-9bd6-52a9-a9d8-509b4c94b259", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0f216752-06ba-5264-a496-78617438fc9b", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:45f1226a-c691-5e04-8a6a-543f2c360d27", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0fa6c930-974a-5cc5-aa00-5cfeacd9ff96", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a4dc01d4-e841-58a2-9a74-11d73f6caf90", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b24f3136-88ca-54c3-a7c0-aae6c269d921", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c0e4c175-c024-5810-80a9-ed34c6d2af90", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7fb7c41e-9ae1-5f47-a1db-429c097af1e4", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2231982b-fc74-5ff4-a5ad-b5d91eac5e7f", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1ae0eb9f-bcfc-56ad-aa73-ffd60e8dd016", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ef011071-bdcd-5b6f-b396-cf7bb4c3f18a", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6c79eb32-7398-5214-be21-2c511adb20e4", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6548bb81-3bc0-54ea-b780-be60d423c58f", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.2.13.RELEASE-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.2.13.RELEASE-tuxcare.1" } ] }