{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:7ea41907-e212-563e-bf6a-c72cb2c13922", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-tx@6.1.21-tuxcare.5", "type": "library", "group": "org.springframework", "name": "spring-tx", "version": "6.1.21-tuxcare.5", "purl": "pkg:maven/org.springframework/spring-tx@6.1.21-tuxcare.5" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:edb79972-77cb-5801-8b53-65a257227ad0", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 6.1.21-tuxcare.5 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@6.1.21-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:792d4acc-49b4-5d64-ad66-e1c742446cb5", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 6.1.21-tuxcare.5 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@6.1.21-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:dccaf2bf-d283-59ce-a522-b88779aa5436", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 6.1.21-tuxcare.5 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@6.1.21-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:b5424d9e-1262-51b8-a90a-b3cf45db8820", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 6.1.21-tuxcare.5 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@6.1.21-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:8c2b25c0-f5e0-5a89-931a-fc16752ae9df", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 6.1.21-tuxcare.5 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@6.1.21-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:d31ebb1a-b00f-58ba-aa1a-479f2981b075", "id": "CVE-2026-22737", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22737 is fixed in version 6.1.21-tuxcare.5 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@6.1.21-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:7b06413b-1ee0-57a0-9182-a3d900b66b1e", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 6.1.21-tuxcare.5 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@6.1.21-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:92c828a6-e684-52bb-a14b-f17fc2878041", "id": "CVE-2026-22741", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22741 is fixed in version 6.1.21-tuxcare.5 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@6.1.21-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:6ad22225-0fb5-56da-9994-14b9b6f652e0", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 6.1.21-tuxcare.5 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@6.1.21-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:bd45020e-2d2b-5bd2-8a09-031d41f6bd61", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 6.1.21-tuxcare.5 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@6.1.21-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:952ec768-60e0-55e1-991d-3cceb261e8f6", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 6.1.21-tuxcare.5 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@6.1.21-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:fbccc076-8902-5c0b-a751-8f49f9e2fcf0", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 6.1.21-tuxcare.5 of org.springframework:spring-tx. already_fixed \u2014 The target repository (Spring Framework 6.1.21-tuxcare.6) already contains both upstream patches that address CVE-2026-41840. The fixes were previously applied as part of TuxCare backports for CVE-2026-22740 (commit d8aa04a97f, 2026-06-08) and memory leak fixes (commit e7c90921fd, 2026-04-29). Both doOnDiscard handlers are present in the current code, preventing resource exhaustion from multipa..." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@6.1.21-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:107008ed-8a0b-568f-a328-68ab87d3747d", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 6.1.21-tuxcare.5 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@6.1.21-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:526b8a59-17c7-54a0-98ce-c1cd41e527c0", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 6.1.21-tuxcare.5 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@6.1.21-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:cbd3c411-5491-51fc-9c2b-f4e30d713c21", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 6.1.21-tuxcare.5 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@6.1.21-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:1e803b92-6ac2-51a7-b6c0-9eb18cda2395", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 6.1.21-tuxcare.5 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@6.1.21-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:c2fd4521-f180-5b35-b60b-237f3a42ab1c", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 6.1.21-tuxcare.5 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@6.1.21-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:4273e79a-8461-5664-b89e-7200757462c7", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 6.1.21-tuxcare.5 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@6.1.21-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:a75b88a9-f499-5ccc-98f1-4455f047ae72", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 6.1.21-tuxcare.5 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@6.1.21-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:2d1654d7-51db-55a8-ba7f-0151fe45434a", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 6.1.21-tuxcare.5 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@6.1.21-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:53dcdeb4-dd96-5dc5-9aa5-ad856101f380", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 6.1.21-tuxcare.5 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@6.1.21-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:e46169e7-ce0d-54e5-9a6c-f7a382f233e1", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 6.1.21-tuxcare.5 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@6.1.21-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:5b1988cc-9304-595a-ac80-a4a5f6311133", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 6.1.21-tuxcare.5 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@6.1.21-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:3e060390-19a4-5bb1-8ce3-c6a175eabbd3", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 6.1.21-tuxcare.5 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@6.1.21-tuxcare.5" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-tx@6.1.21-tuxcare.5" } ] }