{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:348bc27f-dd69-5782-973d-3790029b9e03", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-tx@5.3.29-tuxcare.1", "type": "library", "group": "org.springframework", "name": "spring-tx", "version": "5.3.29-tuxcare.1", "purl": "pkg:maven/org.springframework/spring-tx@5.3.29-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:b373ae8f-3958-5560-9ec6-824ad3007b59", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.29-tuxcare.1 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:93b8afe2-d19e-505f-a78e-dd7dcf885dd5", "id": "CVE-2024-22243", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22243 affects version 5.3.29-tuxcare.1 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:be9643d4-8550-5a8b-9abb-0230de3c8fe7", "id": "CVE-2024-22259", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22259 affects version 5.3.29-tuxcare.1 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c9d8b7ef-114d-5da4-a898-240ea98ade47", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 5.3.29-tuxcare.1 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:020a4fff-20b0-549a-b21d-e73436326197", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 5.3.29-tuxcare.1 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c4b82cc8-8909-5308-bfc3-056d2995334e", "id": "CVE-2024-38809", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38809 affects version 5.3.29-tuxcare.1 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:cf5b5674-c9ed-5190-9fb3-72953f0f35a1", "id": "CVE-2024-38816", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38816 affects version 5.3.29-tuxcare.1 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:41118ab9-ab8a-5e14-bd37-69e714692f68", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.3.29-tuxcare.1 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:05f4ca34-79f0-51b9-9e65-150388114310", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.29-tuxcare.1 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d0ef71a5-c473-510c-a09f-ccfd1e54ac32", "id": "CVE-2024-38828", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38828 affects version 5.3.29-tuxcare.1 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:70fa9e12-b6a1-53b9-b832-7d78a6aa2202", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.29-tuxcare.1 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0090f238-e0a5-5f04-a651-660ed40dfcc9", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-tx 5.3.29-tuxcare.1." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:75363c12-d378-5976-8a31-be8b363fe00f", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 5.3.29-tuxcare.1 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e8b15582-c93b-5f63-ad83-1e96933438df", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.3.29-tuxcare.1 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4aea094c-7bab-532b-84ce-1247c8d0cc75", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 5.3.29-tuxcare.1 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:228f5716-a483-54f9-9f28-78a18bb3c0b3", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.29-tuxcare.1 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f45ee1ae-80c6-58da-9838-d012c00370f5", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.29-tuxcare.1 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4f2a860c-1554-5c5e-ab85-7310d6771526", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.3.29-tuxcare.1 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:82a2b8e9-744a-5ac7-965c-489131b20e14", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.29-tuxcare.1 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3bcb92b1-4360-5acd-b2b2-7dc793f2964e", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.29-tuxcare.1 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f0398da4-e3cd-5afc-a3e2-3ffa30c1af6c", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.29-tuxcare.1 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3da07ee4-74f8-5195-ab36-6981774f2616", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.29-tuxcare.1 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ac87cc69-1149-57c0-9776-62943206ef69", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.29-tuxcare.1 of org.springframework:spring-tx. already_fixed \u2014 The target repository (Spring Framework 5.3.29-tuxcare.4) already contains the complete fix for CVE-2026-41840. The fix was applied on 2026-05-19 as part of a TuxCare backport for CVE-2026-22740 (commit bc0026ae70c), which addresses the same multipart request DoS vulnerability with identical code changes." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:dc7d76d0-1ab3-50f9-956e-14a617995a5e", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.29-tuxcare.1 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c9678897-75d0-56a3-8871-891f75ac36d6", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.29-tuxcare.1 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0c4eb4f8-644f-53fe-a4e7-d9fb48e110ae", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.29-tuxcare.1 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:878d8efe-4567-58b3-bbfe-841a57e321b2", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.29-tuxcare.1 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1726e21e-332c-56d9-8fd2-cf84c1c1bedf", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.29-tuxcare.1 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9ab0838e-65bb-5c96-9d7c-1c4d916cb950", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.29-tuxcare.1 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8f3bd82f-7bcf-5dbb-bae0-ee0749dd412e", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.29-tuxcare.1 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:98c4dd33-4d35-5e05-81e8-75e83111025b", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.29-tuxcare.1 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:214216d1-7b01-534d-a2f4-bcce8e29c4b4", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.29-tuxcare.1 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2579c9a9-caac-558b-971e-90f19e3ddb1f", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.29-tuxcare.1 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:32cc1660-efc4-5b6d-9ff7-c2eebcb77c30", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.29-tuxcare.1 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0bee8739-6f70-5414-9cc5-a37472ac23d8", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.29-tuxcare.1 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:01c55b68-8434-5d94-be58-463786372374", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.29-tuxcare.1 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:048febba-4406-5442-a00f-333bc3c8bcce", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.29-tuxcare.1 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.29-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.29-tuxcare.1" } ] }