{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:df86fbc0-d9f2-57ea-a917-9971b2db173f", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-tx@5.3.31-tuxcare.2", "type": "library", "group": "org.springframework", "name": "spring-tx", "version": "5.3.31-tuxcare.2", "purl": "pkg:maven/org.springframework/spring-tx@5.3.31-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:ccb30734-156e-55f4-a152-5ca7aec8b729", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.31-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8a316d82-516e-5c69-b5d4-b8be59b77a6e", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d4dec4b5-7aaf-512a-9f31-12f318667ac1", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:90c82ea8-0015-5b1b-89e7-a40a556c9e9a", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:becf879d-7fbe-5ba5-a526-ec1af0ef6b09", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:14203bd6-92d0-5dae-aeee-a929bbf0a2f0", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:84014f23-420b-5d97-8059-5be9d50a359d", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7df796b8-8c9b-59b0-a27e-1f8853d76d82", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f8d7ff89-9974-578a-a80a-b5b53565955c", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2e9c115b-0c7b-5bb4-b0f4-94c6ed2c8b10", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:919911bf-a482-5b71-839a-f56052bfa03a", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f6ff42f9-1a89-57f0-b294-a278487de569", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-tx 5.3.31-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4e4db75e-8824-5a3f-bf1d-fc785995cdca", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3ca24c4d-b22a-539b-a9c0-8ab3433d4963", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:890e3ac9-c79d-5041-9ed9-6a91202fc99c", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:76fc5f4e-0c06-5ad5-8f8e-6046518ee5ba", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.31-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5a21c60b-075c-50fd-a50b-c52a2e7e423a", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.31-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0b8f6430-58d3-505c-ad69-e3a10018b265", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.3.31-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:dbdc6e5d-ac19-5803-bcf4-1dac795ab29b", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.31-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:26cd9b6c-a0d9-5eba-9ec9-756d02e8b455", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.31-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e8b9b350-598d-5963-b77f-80c7acb072a3", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.31-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6d8e4c3b-e2a8-531a-a004-4c08477b09e6", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.31-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1175b155-3165-5a30-b331-29c44e5cb86d", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.31-tuxcare.2 of org.springframework:spring-tx. already_fixed \u2014 The target repository (Spring Framework 5.3.31-tuxcare.3) already contains the complete fix for CVE-2026-41840. Both required doOnDiscard handlers were applied via commit 615477c88f (labeled as CVE-2026-22740 backport) merged on May 4, 2026. The code changes are byte-for-byte identical to the upstream patches." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e6c41b8a-c45b-5b1b-81ab-523067e012ad", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.31-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:38d5aa7f-8451-52c8-a1c3-6fc2b3f41100", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.31-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:bcba1f38-e4bc-5e2d-9be1-2bf32f2ba83c", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.31-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:135a4fea-d1c8-596d-92ae-0ff97483859f", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.31-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:66cdb1fd-3654-58f0-a012-45c27338f786", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.31-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:990073fd-3c9e-55fc-b47c-ebb3add69668", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.31-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:068a01fb-f23c-55f2-b390-c17e647c1e8e", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.31-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c8ac795f-2090-57c1-a180-92712d00af5a", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.31-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fdd0b640-9c3e-54a1-b54c-819798799649", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.31-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:afd5cade-42dd-510f-8da7-eb8b86c1054b", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.31-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1aa6a9da-cd96-5f47-a6c8-c2e222539ca8", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.31-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:eafdca5b-5513-5ecd-b0ae-d1731a596f36", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.31-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2d537389-cc61-5dea-a993-061c338a3679", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.31-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d9b5da3b-ba7d-50c9-90db-7f57e770317c", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.31-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.31-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.31-tuxcare.2" } ] }