{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:955e0bd7-1da5-5c14-9987-945a13efa78f", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-tx@5.3.39-tuxcare.11", "type": "library", "group": "org.springframework", "name": "spring-tx", "version": "5.3.39-tuxcare.11", "purl": "pkg:maven/org.springframework/spring-tx@5.3.39-tuxcare.11" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:ffb5feea-d760-55df-bf13-11d1125ceb98", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.39-tuxcare.11 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:cd3c71de-f87e-5ccd-9c67-45ab5b4a3eae", "id": "CVE-2022-22968", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2022-22968 does not affect version 5.3.39-tuxcare.11 of org.springframework:spring-tx. Spring version 5.3.39 is not affected to CVE-2022-22968 as fix has been already already backported by the original developers" }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:bbb776b2-aae0-502f-a4c8-345d9b97d85e", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.39-tuxcare.11 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:4a6d9bac-e9e6-5b88-8dad-1fb7956015b2", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.39-tuxcare.11 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:6699fa3f-1fb7-5643-85ca-eddf90862302", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.39-tuxcare.11 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:7abc6ea3-bb2f-5c8d-8cae-9b1fa23b0a3f", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.39-tuxcare.11 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:88f6532e-de85-5215-a42d-c9c9223cccd7", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.39-tuxcare.11 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:15035351-371e-58cd-963e-d2c00be42aa5", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-tx 5.3.39-tuxcare.11." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:2f6b4929-bfb3-5b32-a6e6-2d9b5a7c2206", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.39-tuxcare.11 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:3674719c-e15a-5c51-9f40-0c030b029d4e", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.39-tuxcare.11 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:6444cece-d91b-5fc8-b4bd-71725425233c", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.39-tuxcare.11 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:d9d1c3cf-81c0-5916-9176-62412b9c6dbd", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.39-tuxcare.11 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:27f7cad6-e682-52e2-b128-6ef49bdd0cb3", "id": "CVE-2026-22737", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22737 is fixed in version 5.3.39-tuxcare.11 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:e828917c-3384-5a37-ae4e-6810a4dc8fb4", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.39-tuxcare.11 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:fba5f713-a2db-5694-87d7-5d5941365cb3", "id": "CVE-2026-22741", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22741 is fixed in version 5.3.39-tuxcare.11 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:4f207e89-08f1-5c43-b75b-f1209791e990", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 5.3.39-tuxcare.11 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:2f4de10e-d7b3-5028-b9a6-a44109e8b789", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.39-tuxcare.11 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:356b9e4e-4aab-53cd-ab63-b5d1e445e1c4", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.39-tuxcare.11 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:12edd18c-9bcb-5d43-ad59-4075d9e88e04", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.39-tuxcare.11 of org.springframework:spring-tx. already_fixed \u2014 The target Spring Framework 5.3.39-tuxcare.12 already contains both vendor fixes for CVE-2026-41840. The fixes were backported via commit 4ef4cdca34 (May 13, 2026) under CVE-2026-22740, but the code changes are identical to the upstream patches. Both doOnDiscard handlers are present and active in PartGenerator.java and MultipartHttpMessageReader.java, preventing memory exhaustion from unrelease..." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:95336aad-7e08-54dc-a69b-d6885fd5c0ea", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.39-tuxcare.11 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:dbfd28f9-7e4b-5bb8-a617-3ff39db475c0", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.39-tuxcare.11 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:4c440351-fbb8-5bc0-b1ed-36bd47326a7a", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.39-tuxcare.11 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:31b9ff9f-46a9-555b-aae8-853a800adfa8", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.39-tuxcare.11 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:32b9fd51-0af5-52d2-b36f-a722fff5de47", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.39-tuxcare.11 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:fe71f6f2-c14e-5db6-9124-875e2edd7fac", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.39-tuxcare.11 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:fbc593a8-18d9-5988-abae-b411985560f3", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.39-tuxcare.11 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:d2f8be15-e1fe-543e-876c-8bd84f0437bb", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.39-tuxcare.11 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:706d5160-0e92-5ab6-9c98-72bedf44ad05", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.39-tuxcare.11 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:65098d84-9ff1-509a-8bba-c6c18ab6ed42", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.39-tuxcare.11 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:eca29d2f-ea3e-50e6-b15b-0f0f96587f23", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.39-tuxcare.11 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:1b72f3f2-1146-50ec-b5de-2fff3444045c", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.39-tuxcare.11 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:fa83afc6-6bbb-5b34-b1f7-ebe3e4fece29", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.39-tuxcare.11 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:17ffdb9b-ba78-5ab5-b279-7dffef0b8eae", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.39-tuxcare.11 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.39-tuxcare.11" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.39-tuxcare.11" } ] }