{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:e7ba877d-e1c0-5adc-8b9f-9ca46f949cb4", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-tx@5.3.27-tuxcare.3", "type": "library", "group": "org.springframework", "name": "spring-tx", "version": "5.3.27-tuxcare.3", "purl": "pkg:maven/org.springframework/spring-tx@5.3.27-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:3266f362-da41-5b10-97c7-24f9c6c168eb", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.27-tuxcare.3 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:08b65a5e-5d25-5fcc-aad1-41d4e8d7c52b", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.27-tuxcare.3 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:7f2eb747-4cc5-5117-b0e9-bc86e12ac8c5", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.27-tuxcare.3 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5dc454ac-9696-5e1b-ba6b-5061258e99f7", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.27-tuxcare.3 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2cd9af16-cc46-5f65-ac81-a60d031541cb", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.27-tuxcare.3 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9289ad1c-166c-55b7-b51b-fa3b99418280", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.27-tuxcare.3 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:07d38ab8-b37c-56ff-b5cf-2ad7fe8c4562", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.27-tuxcare.3 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:73bee318-4b40-5b6f-98cc-f6571ca358aa", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.27-tuxcare.3 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:816854db-9f01-50af-9455-018e0ef62be2", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.27-tuxcare.3 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e01743a8-4d16-5985-bb3e-6880ff1e1592", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.27-tuxcare.3 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:85637925-b75f-525f-a342-c4fea17faaf0", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.27-tuxcare.3 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a064e63b-ee8c-5fa8-b3f0-175309adebdd", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-tx 5.3.27-tuxcare.3." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9ab80d20-6267-5edc-a05c-023f0fbf36da", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.27-tuxcare.3 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2d0dfad7-9902-55f6-9779-c41dbbfad340", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.3.27-tuxcare.3 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a369d964-3812-5f02-a30b-d778b29005a3", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.27-tuxcare.3 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6cbcd9b3-c427-5df5-a77e-152a93f2cdcd", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.27-tuxcare.3 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6b50e146-7cb6-5041-971b-4bc4d02838d7", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.27-tuxcare.3 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b4d1b143-097d-52f5-b6af-00cb6e0de520", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.3.27-tuxcare.3 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8f24e519-f577-50ed-ae91-5890f1ef1234", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.27-tuxcare.3 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:70e2908d-1354-5dd1-ba7e-b104fc86957e", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.27-tuxcare.3 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:48ad9f5f-c493-5177-9b03-2d6a7174d3bc", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.27-tuxcare.3 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:232da85d-5227-5b22-a64b-6bd7bbe8b04c", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.27-tuxcare.3 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:128679ca-5e79-5f45-9812-4e67578f6143", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.27-tuxcare.3 of org.springframework:spring-tx. already_fixed \u2014 The target repository (Spring Framework 5.3.27-tuxcare.5) already contains the fix for CVE-2026-41840. The vulnerability was previously addressed through backport commits for CVE-2026-22740, which applied the identical doOnDiscard cleanup logic to prevent resource exhaustion from multipart request processing." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2559acf0-dd31-5b39-afc5-4592c79db227", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.27-tuxcare.3 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:fe8f8c8e-230d-5f20-998e-f9bd89ecb975", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.27-tuxcare.3 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:45c43f9d-85fc-5f84-9d39-ff4d9e7209c4", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.27-tuxcare.3 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:12f80da6-2cc0-5074-ab97-3065d807fa32", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.27-tuxcare.3 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b491a617-9789-5618-9f53-d067a999ff36", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.27-tuxcare.3 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:78d3f1ff-92ec-5fbc-8132-f49b8db3fd01", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.27-tuxcare.3 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b8ff4299-bea3-552a-b789-e0fc973d4344", "id": "CVE-2026-41847", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41847 does not affect version 5.3.27-tuxcare.3 of org.springframework:spring-tx. already_fixed \u2014 The target repository (Spring Framework 5.3.27-tuxcare.5) already contains the fix for CVE-2026-41847. The upstream commit 07ba95739bf4451742e4ee6b4d4b2d0ee5f701bf is present in the current branch, and source code inspection confirms the vulnerability has been patched." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4db57849-71f7-5653-9f05-df6f84ce3b1e", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.27-tuxcare.3 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:cbb7c3f6-2a91-5cbb-991f-35a2121f0211", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.27-tuxcare.3 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:347d4ca9-eb54-5ebd-86d4-3003db3c11af", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.27-tuxcare.3 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8b57ca3f-b554-5d53-97ca-074529fcfde8", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.27-tuxcare.3 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:da12aab3-b045-5bd1-9717-6036aeb0637a", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.27-tuxcare.3 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:22e12fc3-a18e-588c-9789-7f383c9631b6", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.27-tuxcare.3 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:db85d5cb-ef1b-5060-823e-08d867ec5d53", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.27-tuxcare.3 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.27-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.27-tuxcare.3" } ] }