{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:59533bfd-b2e9-5e9b-89c8-bbe681b21431", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-tx@5.3.27-tuxcare.4", "type": "library", "group": "org.springframework", "name": "spring-tx", "version": "5.3.27-tuxcare.4", "purl": "pkg:maven/org.springframework/spring-tx@5.3.27-tuxcare.4" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:3ab43503-3912-5be9-9a30-5978da745871", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.27-tuxcare.4 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:bea01f16-143a-58d1-8149-09aee8fde251", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:16690c22-8a4d-59bf-8ff7-04a715bae4cc", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c2637e39-c7b7-5b59-857c-b43ccc1e545f", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:63779554-917b-51dc-8a72-7c558b622ef1", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:14a89cdb-2fbc-51b5-b3fd-0dd782eb465c", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:afdc6ebe-2ce0-502b-8182-5023853329c9", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:7f5c188e-b102-570d-9d8c-d3746abb5cb9", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:92aaab4d-f074-5bec-afc6-9640b858b3c5", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:f69b1909-086f-5673-81ac-ee9fd08ba0ec", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:16ba8429-1af2-5a53-be58-3eb079e79a59", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c9122ed0-d878-5812-89af-16bae0f5e551", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-tx 5.3.27-tuxcare.4." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:8b883c1c-8853-5f3c-9d1a-c5fc5c949a4d", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:f5f7c230-828d-56c1-b097-f0d3bfe6ada6", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d11f7cdd-f890-5aa9-9079-d32a6c502333", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:4dee4bd8-edab-561d-9e51-232cd6237b49", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.27-tuxcare.4 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d251a0ae-559c-5c80-b033-f2f94bf5398b", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.27-tuxcare.4 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:1da316ae-9094-5cc3-9b09-b4c3a9e5fd39", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.3.27-tuxcare.4 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:25a25e39-ee50-5838-bb93-9c79b446fd18", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.27-tuxcare.4 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a8c7ee89-1393-572d-ad88-74737a9a6988", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.27-tuxcare.4 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:8ff3b6af-8b5c-5547-98f9-eac0500c7bdc", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.27-tuxcare.4 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d1809eaa-55cb-55dd-9f08-09d11269891f", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.27-tuxcare.4 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:63696b8e-c0f7-5f78-a163-b7470225c8d6", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.27-tuxcare.4 of org.springframework:spring-tx. already_fixed \u2014 The target repository (Spring Framework 5.3.27-tuxcare.5) already contains the fix for CVE-2026-41840. The vulnerability was previously addressed through backport commits for CVE-2026-22740, which applied the identical doOnDiscard cleanup logic to prevent resource exhaustion from multipart request processing." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:2fa8972d-c4bb-5b22-929a-be3887ad4486", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.27-tuxcare.4 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:2cdb9c6f-e6e6-54f9-ba59-f917607d3b6c", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.27-tuxcare.4 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c9f73214-c9bd-5f71-91ce-e8f0a0ac057f", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.27-tuxcare.4 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ae797e07-3af0-584a-a884-a52e3fb5e35e", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.27-tuxcare.4 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:bb12c11c-fcfe-5f05-95b6-466de7364754", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.27-tuxcare.4 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:3cbcf4a7-f4ca-5f90-96ac-b35332420418", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.27-tuxcare.4 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:4cae549e-4025-51c0-88a6-eed618152d02", "id": "CVE-2026-41847", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41847 does not affect version 5.3.27-tuxcare.4 of org.springframework:spring-tx. already_fixed \u2014 The target repository (Spring Framework 5.3.27-tuxcare.5) already contains the fix for CVE-2026-41847. The upstream commit 07ba95739bf4451742e4ee6b4d4b2d0ee5f701bf is present in the current branch, and source code inspection confirms the vulnerability has been patched." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:3980f115-0eb7-50b8-803d-e21be1007533", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.27-tuxcare.4 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:20f8a444-8403-5cd6-b753-1312a91473c6", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.27-tuxcare.4 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:25c383a6-0496-573a-acfb-184554ccbeec", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.27-tuxcare.4 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:5e6e32ed-458c-59fd-9dc3-c164ffeb78ef", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.27-tuxcare.4 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:8ed67239-1de2-5416-a35d-8671cb729aa2", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.27-tuxcare.4 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:9d49b7b1-850a-5699-8c20-7e4c65dbc928", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.27-tuxcare.4 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:58ab5a1e-f0f9-5d36-b6f8-29eb3da263f7", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.27-tuxcare.4 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.27-tuxcare.4" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.27-tuxcare.4" } ] }