{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:c6d1c5b5-6e83-5ddc-91f0-048e9ed28b2d", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-tx@5.2.13.RELEASE-tuxcare.2", "type": "library", "group": "org.springframework", "name": "spring-tx", "version": "5.2.13.RELEASE-tuxcare.2", "purl": "pkg:maven/org.springframework/spring-tx@5.2.13.RELEASE-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:1ea846d0-5533-53ab-a87f-531b9759e1b8", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b28205d8-baa6-561d-ada8-a8a3786eee09", "id": "CVE-2021-22060", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22060 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e7f0e950-675f-54c6-8f6b-40931e7cdad9", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:56813965-905b-526a-a851-7a14219546cc", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c2f78eb8-a327-56c3-b163-8c7741c4d3bf", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:36165417-5315-5a21-96ad-6292213ce658", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:26304384-be64-54d2-b0a6-80f155c934fb", "id": "CVE-2022-22968", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22968 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f9698508-dec7-5ab0-a425-7de6f562c908", "id": "CVE-2022-22970", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22970 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fd56538b-91bd-5651-b8c9-e348f2fc43b2", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1cfd6c45-fcc8-5e11-84b8-55b313016ed1", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3d86ce2e-e0dc-5167-acb9-e17b78288d88", "id": "CVE-2023-20863", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20863 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:087b118e-3f9e-5838-9d4a-0191da8f21a6", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:cd274962-bbbb-5c2a-ad5e-daabcfee27ea", "id": "CVE-2024-22259", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22259 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e280eac1-c640-58b9-9613-ee2fecb66cb1", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:04eeef3d-0921-581d-97bf-2342bc23343e", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:463e8818-6248-57de-bba2-32cecc0d4c73", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ecda9281-1198-5ba9-8713-2bb6ff14a4a1", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:07f96ee6-143a-5bfb-9c52-eefe5a107f5f", "id": "CVE-2024-38820", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38820 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:228d9e5a-08ea-5c03-81a8-4539bdad2914", "id": "CVE-2024-38828", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38828 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:90cb6593-6442-5642-a27f-aaac13e4d57a", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e6c3fbac-1326-55de-9b25-65c1a3e4498f", "id": "CVE-2025-41234", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41234 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ad345673-2edb-5885-80b3-d03d5896627b", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a703ed98-f24e-529e-a0e3-ce2bb13842f6", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d40ae775-bc6e-5262-b6dd-5b85961ee3f2", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:15e55893-1b6f-5ef7-a83f-b6849f6cd3f3", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1bdb4edf-46bd-5118-b500-5fc38a54cf7c", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2ce7152e-cf94-5226-bba2-10216ecb4005", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1c8d95a7-e098-5b2e-b3b9-1260962a4c7e", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2fc1e5de-5526-5e80-a36b-e9d5c7073a5e", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-tx. not_affected \u2014 Version 5.2.13.RELEASE uses a fundamentally different multipart parsing architecture (Synchronoss NIO library) that does not contain the vulnerable components targeted by CVE-2026-41840. The CVE explicitly lists affected versions starting at 5.3.0+, and the patches fix issues in PartGenerator and MultipartParser classes that do not exist in this version." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:cf0ef3db-99fe-53f1-82c7-136828c21438", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:27746f7b-a05e-5233-a5d6-3fd760f5ddcc", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3d25cba5-40db-5054-83d5-16d40285693d", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:04376a88-401a-5581-9cf8-d5ffa3b86c7d", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:927c1e3c-1fb7-5491-a723-7a5f4ee7108a", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:70a7202c-e9d5-5d45-856c-9d6bcc0f99b9", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2a803251-1d58-5250-a9fa-6c0a7398f911", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:eb2f877a-7c92-5458-a8b3-cc174bc0c64d", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b5e22b9d-486b-5668-839c-8b7db7c77454", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:53cfbe96-f404-5bca-b165-982964f83c34", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a8acd5ce-7755-5923-8f7f-abbd24b9b5c3", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e7187558-4008-59fb-b7fc-36246a5c000b", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:36c51b5e-9add-5e29-8757-f15301aa8ff8", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:50f397e3-48f5-5fa8-927b-586822e4bef9", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.2.13.RELEASE-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.2.13.RELEASE-tuxcare.2" } ] }