{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:2b467a1f-d36f-5704-8a1f-bf1362bf27fa", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-tx@5.3.29-tuxcare.3", "type": "library", "group": "org.springframework", "name": "spring-tx", "version": "5.3.29-tuxcare.3", "purl": "pkg:maven/org.springframework/spring-tx@5.3.29-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:885b9ca0-55f4-504f-a8a3-8f682705667e", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.29-tuxcare.3 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ba0d668e-eaff-5bcc-a765-d0f3cdeeef06", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.29-tuxcare.3 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:60bebd8a-5f00-5ea3-879b-82a71a5d5d72", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.29-tuxcare.3 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ab46d27e-1d41-5ddf-96d0-f978da538218", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.29-tuxcare.3 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ec7e4e74-4ddc-5a20-bd38-d4e413f2fb46", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.29-tuxcare.3 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6cb3a6cb-eb53-5c1d-8498-9b386fabb022", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.29-tuxcare.3 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:45ab5a2e-ee75-50a7-affb-e521a2a8a2ce", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.29-tuxcare.3 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d6310df1-af7a-5619-b5cb-cd9f3060cc46", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.29-tuxcare.3 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8642ee2b-943e-5f57-9b93-f9220e201f69", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.29-tuxcare.3 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:42cd12ff-42f7-5f1b-872a-42f9cab975fe", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.29-tuxcare.3 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:cd2f6c58-330d-54cd-85de-50aae85ca080", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.29-tuxcare.3 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:487070e7-cf37-56fd-8220-c23a61e2ab7c", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-tx 5.3.29-tuxcare.3." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:14c6775a-872d-52e0-be1c-34112e0f62c0", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.29-tuxcare.3 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4430636c-e5a3-5f5d-8f21-7c79d9c11fa1", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.3.29-tuxcare.3 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:03873a91-25fc-5df5-b3da-3dabab9b4ab4", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.29-tuxcare.3 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:59d7aa43-5f8d-5fc6-af65-57a11d247b93", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.29-tuxcare.3 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:0cd99bb9-09a1-5003-83f9-4477ccdcef5f", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.29-tuxcare.3 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6868840a-058b-5246-9a1b-989fcf084eb7", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.3.29-tuxcare.3 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:85cadd14-6aa7-5e60-889e-ac85db455f61", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.29-tuxcare.3 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:beab06b8-1ad4-574d-a22b-05bf8b44b0d4", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.29-tuxcare.3 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:7ffe4d9d-ef5c-56a1-bc9c-36026a8c554a", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.29-tuxcare.3 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d6145ab2-9c14-5890-bbee-37b40500dd34", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.29-tuxcare.3 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8ee6cd62-15a2-5401-84dc-5c8798a016ae", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.29-tuxcare.3 of org.springframework:spring-tx. already_fixed \u2014 The target repository (Spring Framework 5.3.29-tuxcare.4) already contains the complete fix for CVE-2026-41840. The fix was applied on 2026-05-19 as part of a TuxCare backport for CVE-2026-22740 (commit bc0026ae70c), which addresses the same multipart request DoS vulnerability with identical code changes." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:323228d0-7258-57d6-9301-1e801d4e99b0", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.29-tuxcare.3 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c85c672f-2120-59ee-9e37-35899389fbde", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.29-tuxcare.3 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a0571b50-56b8-5d14-a5aa-ec7231dc2ff9", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.29-tuxcare.3 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ebe55d55-af28-5e8c-b3dd-49cfb0320fe1", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.29-tuxcare.3 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ea1c650a-697b-502e-bb66-a099ed775ce1", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.29-tuxcare.3 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:7711053b-dc37-5387-a760-62c9e1aab7f6", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.29-tuxcare.3 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:50c1fa09-ba3c-5c8d-99c0-4fe38e724945", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.29-tuxcare.3 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:66f9b3ea-debb-5263-95d6-38e80a4ab23c", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.29-tuxcare.3 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ee68c326-54fa-5628-b39c-b0d29ecadff0", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.29-tuxcare.3 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:da8787eb-336b-559b-acd5-ec0b9dbabf74", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.29-tuxcare.3 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:52368e20-c26f-5dfe-82e5-e41d4ed0a28b", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.29-tuxcare.3 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:520281c6-5470-5a30-bd31-4c6d4a39140e", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.29-tuxcare.3 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:831b3e12-7fa6-5f8b-86f5-9a0663b4979a", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.29-tuxcare.3 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:741dcf36-82d7-5548-8623-5da5ecb3b07e", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.29-tuxcare.3 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.29-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.29-tuxcare.3" } ] }