{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:7e67102a-111b-52c3-a4b1-28669d165948", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-tx@5.3.29-tuxcare.2", "type": "library", "group": "org.springframework", "name": "spring-tx", "version": "5.3.29-tuxcare.2", "purl": "pkg:maven/org.springframework/spring-tx@5.3.29-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:5d13a1bd-6115-50af-bcd3-4ada19b1efc9", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.29-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1d2235dc-557b-5907-b65f-a05ffe67ab2e", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.29-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:916b46ad-1646-58b9-ad70-1d93c3400def", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.29-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8cd1cbce-6aef-5f3e-9596-59b8f936ac15", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 5.3.29-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3c3d31d3-6310-59ed-9fa4-94c1b8255ee4", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 5.3.29-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9cce7748-40b1-5793-958f-b09cd77078cf", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.29-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:96f826c3-c413-5ac3-87fa-7aaa8e366e69", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.29-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5dd23214-8011-54e6-9632-872c9f43dc88", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.3.29-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:386433f9-498b-5bb5-9320-efd88e48d648", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.29-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1e1da848-cb8d-587f-ad6d-ce664f18fb35", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.29-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:33f08e0f-42fd-5b82-89e1-c1742b5a948d", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.29-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:622bbce8-9f94-5831-9143-0334898a2075", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-tx 5.3.29-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5020451d-2a46-5b23-89b6-6bc66555e796", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 5.3.29-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:472fec93-211e-5de7-ae71-9e8a5ac83b79", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.3.29-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:937459c4-d94a-5ef6-a739-86627cd4e6b9", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 5.3.29-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d57b1732-739f-554a-92bd-dc5aaba34fb5", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.29-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fa384b90-e3ef-511d-9429-e2219bcf2398", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.29-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d53277a5-bceb-5610-9077-9293ee4008cd", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.3.29-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:de3ad039-a683-5cf6-8aea-bb9b3f59f0e4", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.29-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1292ce2f-b319-544d-a9a3-81ea6a14771c", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.29-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:47bbfd51-94c6-58c2-80db-4baf3e9269df", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.29-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:eab3efe0-e916-5a19-a247-bcf25e8b6c83", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.29-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8e26dde7-3e71-576a-b763-480ad1fdcc99", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.29-tuxcare.2 of org.springframework:spring-tx. already_fixed \u2014 The target repository (Spring Framework 5.3.29-tuxcare.4) already contains the complete fix for CVE-2026-41840. The fix was applied on 2026-05-19 as part of a TuxCare backport for CVE-2026-22740 (commit bc0026ae70c), which addresses the same multipart request DoS vulnerability with identical code changes." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5ca988b0-4205-5364-aae8-006fb2081db0", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.29-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8124161e-685d-5411-9d7e-c7bfe9503793", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.29-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6ffd10c4-3e8d-5965-8895-106de900641c", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.29-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:56eff9fd-a9ea-53e4-b964-70a43c6892af", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.29-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:877dfd7d-c579-5544-90d8-6179820be58b", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.29-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:716931a0-6bd8-5beb-9aef-4952eb9a70d5", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.29-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:cf7f5e33-33b0-59e0-8fc4-7e4dbc9676ee", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.29-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f3c0b03b-e286-5169-8d59-eb8b7bfedde1", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.29-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7e2d7fe6-7f00-51ae-b722-d48029e038ce", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.29-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:08473142-a8dc-56f7-bf9a-4c98a70ca0b5", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.29-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ab4dd3c8-a373-5eab-b7e6-f75a13731fce", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.29-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e1864765-c72f-5073-a567-c3286097216a", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.29-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:23b7ce69-8085-5d67-a05f-fd35ad938455", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.29-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ad329561-1e50-55e6-b8ea-0af9c6e836d2", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.29-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.29-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.29-tuxcare.2" } ] }