{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:6bd65492-6038-5d31-a728-3b0a7fc82a16", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-tx@5.3.27.tuxcare.1", "type": "library", "group": "org.springframework", "name": "spring-tx", "version": "5.3.27.tuxcare.1", "purl": "pkg:maven/org.springframework/spring-tx@5.3.27.tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:3d61a32f-8ff4-5aa4-bfd1-a7d4e5a487b6", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.27.tuxcare.1 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:cf5f2019-5e49-5eb0-8eb5-d4a04d1336d2", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.27.tuxcare.1 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d301c8c1-87a5-5790-a771-8fd928d07e97", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.27.tuxcare.1 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:dd303578-bba0-5459-8dc6-2463b426856d", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 5.3.27.tuxcare.1 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d68fe547-ec18-5649-b65d-8b20bb709ca8", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.27.tuxcare.1 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2f68ab47-63bd-5db8-b155-d8f2a90743cc", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.27.tuxcare.1 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c45ee4ee-8b86-552b-bfb5-20b7a22abb12", "id": "CVE-2024-38816", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38816 affects version 5.3.27.tuxcare.1 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:225ae7eb-a287-5b0f-8e02-3d6f499dc870", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.3.27.tuxcare.1 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b8ad42aa-f955-58dd-aa5a-5b78299c7680", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.27.tuxcare.1 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5bbe9cfd-da92-53cd-ac2e-a0101775ea19", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.27.tuxcare.1 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9a13a0a5-8c31-5f3e-b2a7-cffdf91b7cfa", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.27.tuxcare.1 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:98331fa5-ab64-5db9-a100-b7346d19532e", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-tx 5.3.27.tuxcare.1." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:905a3a1d-3c63-5792-8fee-aea2f2c01b50", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 5.3.27.tuxcare.1 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c08968dc-a860-5dad-8e51-1d44c61e35b8", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.3.27.tuxcare.1 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2262902c-a06f-52c6-bd86-e91095ecd3be", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 5.3.27.tuxcare.1 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ba991eef-f226-5634-9d89-65bec3799c4d", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.27.tuxcare.1 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1d905016-b377-5c63-970b-ea9cc0c30c08", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.27.tuxcare.1 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:93bb1792-3c23-57a9-83b3-7ff1bb6c7698", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.3.27.tuxcare.1 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4e5b13cb-ebca-53b0-836d-deecadc68986", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.27.tuxcare.1 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:35e42b47-cfe2-5718-a555-ac20f9c8b43c", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.27.tuxcare.1 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b27668a8-80d1-5c28-9adb-04e3a6704c01", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.27.tuxcare.1 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4f2d3de5-bfca-5583-9ab1-f3f846c40887", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.27.tuxcare.1 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:03cec050-2dff-5812-aa9e-bcf84a8f1dbb", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.27.tuxcare.1 of org.springframework:spring-tx. already_fixed \u2014 The target repository (Spring Framework 5.3.27-tuxcare.5) already contains the fix for CVE-2026-41840. The vulnerability was previously addressed through backport commits for CVE-2026-22740, which applied the identical doOnDiscard cleanup logic to prevent resource exhaustion from multipart request processing." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9131cf67-ca09-55b5-aada-1017143e04ab", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.27.tuxcare.1 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4d3e47c5-9b09-5ad4-bb87-86c074dc481f", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.27.tuxcare.1 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4d0dc6e4-af5a-5009-a11a-6de9119095e8", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.27.tuxcare.1 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:89f10d7a-61dd-5ac5-9067-039474e22eb0", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.27.tuxcare.1 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c064c728-6136-5e54-9fe0-6489ee42038a", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.27.tuxcare.1 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:329b0a4c-23fb-58a3-88db-935a02866aaa", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.27.tuxcare.1 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:79c9be3f-e6a7-576d-830a-88f4e9baeef6", "id": "CVE-2026-41847", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41847 does not affect version 5.3.27.tuxcare.1 of org.springframework:spring-tx. already_fixed \u2014 The target repository (Spring Framework 5.3.27-tuxcare.5) already contains the fix for CVE-2026-41847. The upstream commit 07ba95739bf4451742e4ee6b4d4b2d0ee5f701bf is present in the current branch, and source code inspection confirms the vulnerability has been patched." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:63c6d6b5-a3c1-5a10-a1df-f863d255d0e5", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.27.tuxcare.1 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:94fa5de2-ae81-5859-bebd-91fc36f0e6e5", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.27.tuxcare.1 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b6cfd3bd-f320-56db-b024-80d3798c45a5", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.27.tuxcare.1 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:be54e137-0e11-52d4-82fa-baf59a9962ee", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.27.tuxcare.1 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:daa07918-666f-594b-bdcf-d7a40275b84f", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.27.tuxcare.1 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4e8c1e97-76a4-5172-928d-74bed0be7304", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.27.tuxcare.1 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2ecc83eb-360b-5f76-9e44-5e461cc6620f", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.27.tuxcare.1 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.27.tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.27.tuxcare.1" } ] }