{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:02be0f5f-f3de-5dd8-8ae1-f7674044ce5f", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-tx@5.3.39-tuxcare.7", "type": "library", "group": "org.springframework", "name": "spring-tx", "version": "5.3.39-tuxcare.7", "purl": "pkg:maven/org.springframework/spring-tx@5.3.39-tuxcare.7" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:c2db8f01-acb5-5316-a150-d35e04fac0b6", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.39-tuxcare.7 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.39-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:026b68c0-9795-5b8d-90f6-935bfdaeb69e", "id": "CVE-2022-22968", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2022-22968 does not affect version 5.3.39-tuxcare.7 of org.springframework:spring-tx. Spring version 5.3.39 is not affected to CVE-2022-22968 as fix has been already already backported by the original developers" }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.39-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:f422e6ae-1556-52fa-b4ba-a58b1ff4c7e1", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.39-tuxcare.7 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.39-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:24c39373-9c54-5ef2-bf82-45c3f7771ca0", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.39-tuxcare.7 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.39-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:156b8ff7-f542-50de-a60d-a76d36aefc9c", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.39-tuxcare.7 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.39-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:806542b6-9302-5906-8b3a-4a7e711fd2bc", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.39-tuxcare.7 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.39-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:c33a72b7-5e3a-5605-9e84-52a718d62ddc", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.39-tuxcare.7 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.39-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:5b77b229-5638-5cba-bf2e-85dd77024316", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-tx 5.3.39-tuxcare.7." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.39-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:ec9733a9-4c63-5d28-ab63-7e7afd7f1df5", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.39-tuxcare.7 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.39-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:0724a6a9-9f69-5eda-a776-79d6253399c9", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.3.39-tuxcare.7 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.39-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:ab696714-b91e-500d-83ef-6b062b21f510", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 5.3.39-tuxcare.7 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.39-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:7ee6c67f-858f-5d49-9ba6-925557ca7380", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.39-tuxcare.7 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.39-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:ed00e3ab-067a-53c0-90d5-5f9bf4daede2", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.39-tuxcare.7 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.39-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:cdc1aebb-1583-51d4-9d59-6dae373212a7", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.3.39-tuxcare.7 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.39-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:62afac40-c512-5ed4-9cd0-f2ddb5aa23ed", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.39-tuxcare.7 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.39-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:f70ad72a-a8f3-54c4-8751-d6eee21fa135", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.39-tuxcare.7 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.39-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:990920aa-445e-5c89-8d20-fdf897187602", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.39-tuxcare.7 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.39-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:8f398068-7ae7-5468-bcc6-cf0e6a7125f0", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.39-tuxcare.7 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.39-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:fa5411f1-012a-5d7c-8cf5-aa6fb225006b", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.39-tuxcare.7 of org.springframework:spring-tx. already_fixed \u2014 The target Spring Framework 5.3.39-tuxcare.12 already contains both vendor fixes for CVE-2026-41840. The fixes were backported via commit 4ef4cdca34 (May 13, 2026) under CVE-2026-22740, but the code changes are identical to the upstream patches. Both doOnDiscard handlers are present and active in PartGenerator.java and MultipartHttpMessageReader.java, preventing memory exhaustion from unrelease..." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.39-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:d768ef4b-40e4-5e5c-b7f4-6ba75678412f", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.39-tuxcare.7 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.39-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:a8b861e3-92bb-53f1-aa04-05f57bd7557d", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.39-tuxcare.7 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.39-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:5cac7af3-9ba9-5d10-9931-93a31a043a69", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.39-tuxcare.7 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.39-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:b6934b9d-0a9b-5eec-8e5b-316a5be6b199", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.39-tuxcare.7 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.39-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:03e2c691-d273-5f98-bbe7-fb683dc6eab3", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.39-tuxcare.7 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.39-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:6758106c-6e88-5204-927c-ff63ea3e8453", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.39-tuxcare.7 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.39-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:faba0c19-078e-551a-9fa4-74473ac643a7", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.39-tuxcare.7 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.39-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:ccf037e9-dd03-5c5e-8d55-0d2f3ef0fe91", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.39-tuxcare.7 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.39-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:2f92cb90-8559-50b0-b2dc-6b58c1092f9a", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.39-tuxcare.7 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.39-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:e8a4eca5-a3e8-5c44-b1f7-7201b2ed1b44", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.39-tuxcare.7 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.39-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:f82695f6-473a-561b-b4dd-421e613abead", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.39-tuxcare.7 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.39-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:480a6f5a-2d46-5014-a917-fa717cbaf77a", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.39-tuxcare.7 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.39-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:a0b13e78-fda5-53de-a739-e084f82f2b89", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.39-tuxcare.7 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.39-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:a6650c02-a5ed-52b2-b561-e73cb35b8d7d", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.39-tuxcare.7 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.39-tuxcare.7" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.39-tuxcare.7" } ] }