{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:a356e031-bb59-5ac6-a1d8-f28f7b884c95", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-tx@5.2.13.RELEASE-tuxcare.3", "type": "library", "group": "org.springframework", "name": "spring-tx", "version": "5.2.13.RELEASE-tuxcare.3", "purl": "pkg:maven/org.springframework/spring-tx@5.2.13.RELEASE-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:b46f7a6d-3b35-5d66-869f-3966a3d45784", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5cd9f7cc-24d1-5a87-a34b-813e1a350f56", "id": "CVE-2021-22060", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22060 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4de7b2ee-9154-5043-8b36-e21dc8c9557d", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a94b8588-ef33-5fc1-b939-8c8f7e2ddc21", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:84d4d056-d41d-55e3-97a6-5c382c6a9e47", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:de368ed9-91cb-5747-9afb-aec4d76d602c", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:249f9001-b85d-510a-ae49-40b743f21722", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:7beef324-ec45-50bd-8b4d-f87e27257c30", "id": "CVE-2022-22970", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22970 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c6b2d5e8-7910-5526-991e-3206be227ac4", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:579ccb4f-8abd-5d86-89bf-c7ad5d452077", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9147f211-ea9f-5de0-8ba2-ded6d0130485", "id": "CVE-2023-20863", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20863 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:83b136a7-58a3-5014-873d-00bedb8c3a25", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:da1e6e32-6131-59c9-a652-c47f86320366", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4d1345ab-ecd2-5096-a6bc-e20d086fd727", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:17dead6c-75e7-5152-898e-2740010290c0", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:052a765c-27bf-54ea-bd0f-158c66a29445", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5fa33bbe-d5e8-5595-a45f-a8a302eb7697", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3885f8e7-0302-5854-99e1-b669bac6b7e2", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2d58e215-d768-5279-818c-307ee3f0e6cb", "id": "CVE-2024-38828", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38828 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:39ef069a-3ec3-515e-8af4-e61bdc3afe9c", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:18575dde-c6da-5279-a492-2de535e05406", "id": "CVE-2025-41234", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41234 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:65ce5ebf-4387-58a7-8e2f-a91d38d67578", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:7ee7c47f-834c-5f1d-a3d0-72e35e307e8a", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f69ef643-c8fe-5ba9-b0de-0f8c0e1415c5", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:acc635e4-e580-5309-b71a-3598a7b55ecd", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b009dc09-3321-56a1-a2ba-df57db064f6b", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:25152c8f-b15f-5b33-9738-135791743570", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:009c4444-2257-58ea-81ee-e7a3e1d8db02", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ccab71d8-e053-533b-b5cb-22ec9d89d6bd", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-tx. not_affected \u2014 Version 5.2.13.RELEASE uses a fundamentally different multipart parsing architecture (Synchronoss NIO library) that does not contain the vulnerable components targeted by CVE-2026-41840. The CVE explicitly lists affected versions starting at 5.3.0+, and the patches fix issues in PartGenerator and MultipartParser classes that do not exist in this version." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:afda79b8-3b66-5818-8a24-3c507a793ddc", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:00bdf119-dfb7-54e0-94e6-5ce95387c697", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3da34b63-b42d-5a10-aff5-e3ad157d8719", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e161be65-f6cb-514c-b563-1bda78be0e2c", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:770175d2-b823-53d9-949f-634c0636b3bd", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:fd9fb0e7-ca7b-507b-84c0-6af6b2011f5c", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8f04921e-9b30-56c0-8e7f-fa2744917a52", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b196e9e8-1f4c-57d3-8eec-f508e35d6642", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5d18aef4-6575-55ed-b8fe-eaf281ee5241", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e7c61402-3073-579f-b845-8a98c32fb281", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c3345b55-227d-51a5-ba54-ba02eccb6040", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d687dc58-2954-5894-9488-19acc5efb6d9", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c3821de7-ed41-5d20-8bd3-0e2742037f88", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:bc61f346-b4be-5776-9362-4cba8fc1d9bc", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.2.13.RELEASE-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.2.13.RELEASE-tuxcare.3" } ] }