{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:7738c079-0fb1-5d71-af72-49b35d0d392e", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-tx@5.3.27-tuxcare.5", "type": "library", "group": "org.springframework", "name": "spring-tx", "version": "5.3.27-tuxcare.5", "purl": "pkg:maven/org.springframework/spring-tx@5.3.27-tuxcare.5" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:de0971aa-b55c-54b7-a1c4-c45d9166cc04", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.27-tuxcare.5 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:856bd7b8-9a7c-5fb2-beaa-7aabc7e4a43e", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:7867bdbe-2e1b-5865-aafa-23f4bed2cda3", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:420ea77e-2e35-5124-9fed-ffef8e61803d", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:2e5dcaf0-f1e9-5f78-8e15-196ab4fc9dbd", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:da3d8290-f240-5aa3-a8a1-0eb576152570", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:6d0b5718-a849-58aa-aa4d-20fbcbcd17e9", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:9f802c82-4300-52fa-bfef-766d4fab49ee", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:c1f95de3-51d0-5d42-9c0c-e0d30a35887c", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:b942ad02-e9ab-57cd-9f65-65485686acdc", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:0ad7e040-c5e2-516d-b17c-16220c4f6e5e", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:bf1615e4-3850-512a-a207-4a42e11da066", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-tx 5.3.27-tuxcare.5." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:0ed04833-efe2-5161-8870-c49ab6c50fb7", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:aa862a67-6693-5a26-919a-51e5319384ed", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:8351b04d-c94c-53e9-b296-e71dabe92bbe", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:418c6aab-3da9-5fbf-ab32-271f1b8401b4", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.27-tuxcare.5 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:7649986a-bc81-58a6-a721-b87f94d780d6", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.27-tuxcare.5 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:a129e6d3-8439-5e98-8e71-ee4a66a8bf92", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:d1dfec77-bf73-5b7b-b5ef-8a19fb2aaa8c", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.27-tuxcare.5 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:8be9bae5-b119-56b1-84dc-67fa9d8d19dc", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.27-tuxcare.5 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:5d91330d-4a19-51ea-962d-238d2b46a8d5", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.27-tuxcare.5 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:d29913cc-a0ee-52f4-81dc-193dacc8c482", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.27-tuxcare.5 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:4a9185e4-1b3f-5c3a-a396-05fc93b0a54f", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.27-tuxcare.5 of org.springframework:spring-tx. already_fixed \u2014 The target repository (Spring Framework 5.3.27-tuxcare.5) already contains the fix for CVE-2026-41840. The vulnerability was previously addressed through backport commits for CVE-2026-22740, which applied the identical doOnDiscard cleanup logic to prevent resource exhaustion from multipart request processing." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:19ca5186-6367-5a81-9e0f-9dc38148fe15", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.27-tuxcare.5 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:0ff1d5f6-2ff2-56c8-828f-ef0a78ea0f93", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.27-tuxcare.5 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:9d396810-3aab-5602-9d56-8c92fbabd784", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.27-tuxcare.5 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:a83f53da-4d84-529d-8413-097e6f87c7a1", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.27-tuxcare.5 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:9da389e4-0692-581b-81cd-433f1a1f4aa5", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.27-tuxcare.5 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:4ac7596d-f833-5aaa-b4b9-8e978c7476a3", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.27-tuxcare.5 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:a4bdb1b2-f330-53a9-af0b-d5b39fe0ca41", "id": "CVE-2026-41847", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41847 does not affect version 5.3.27-tuxcare.5 of org.springframework:spring-tx. already_fixed \u2014 The target repository (Spring Framework 5.3.27-tuxcare.5) already contains the fix for CVE-2026-41847. The upstream commit 07ba95739bf4451742e4ee6b4d4b2d0ee5f701bf is present in the current branch, and source code inspection confirms the vulnerability has been patched." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:248ae86b-71d1-5d89-8927-6addd911d029", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.27-tuxcare.5 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:3a94b2a4-f9f1-5b28-8a32-e74074dcb7c6", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.27-tuxcare.5 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:b4cc6938-05c6-5410-bce7-f57df94c7f91", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.27-tuxcare.5 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:7c2fd1ed-7bbe-56d2-9dc9-f4c7f4784b65", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.27-tuxcare.5 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:af460d52-85b6-5e49-b0de-d0e9bd836d09", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.27-tuxcare.5 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:24fac7af-de3a-54ef-a643-7792c315a285", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.27-tuxcare.5 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:36285e37-df27-5bf3-9550-35f17f09a77d", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.27-tuxcare.5 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.27-tuxcare.5" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.27-tuxcare.5" } ] }