{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:e9b871a3-d457-5da3-a5af-28996526d8df", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-tx@5.1.20.RELEASE-tuxcare.2", "type": "library", "group": "org.springframework", "name": "spring-tx", "version": "5.1.20.RELEASE-tuxcare.2", "purl": "pkg:maven/org.springframework/spring-tx@5.1.20.RELEASE-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:ecf1e79c-e281-5d1e-bca7-c101158d7fee", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b4c9d849-bb05-5dae-9455-ed0aa8b30309", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:748fba81-b530-50af-a6a0-e96dbd37fcf2", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:21aa5810-33c1-53c3-826d-fcc1b3c8a61e", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:cb5510d3-daf1-5861-a54f-513030e7e15a", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f37ec952-5c81-543a-ad68-d8235c816f34", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:771c71aa-8d08-59b3-9f1c-c8dfc85e6f51", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fd4067e8-559d-5dce-803c-b4c2109a6db3", "id": "CVE-2022-22970", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22970 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:92619ac3-9950-5a3d-8d8c-166401cab095", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a295e7cb-451c-58d6-bc23-13d18713e025", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:24501f5a-cb82-593c-8404-971104613b59", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:05a7ab7e-47ba-5e28-b70d-1ad4f5c1c6da", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f8a89976-669f-51e3-bc6c-3b4d64b35a4b", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:609772c4-4a08-568b-abf6-fc7d09d821a3", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3143cccc-ee96-56c7-9383-a05aea7ae099", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:44eed492-e423-5e30-941c-6ad686457854", "id": "CVE-2024-38809", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2024-38809 is a false positive for org.springframework:spring-tx 5.1.20.RELEASE-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:eb85f0cd-bbd4-5995-b76c-05d31aa601fc", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d00bc9ee-6c02-5789-8ec8-337050d04121", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0c61fb13-f671-5d07-b053-6678c0615e9d", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:942dec65-d6f9-579d-b2a6-dac14e113469", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d1d0adff-3bc4-5508-8cfe-7f7016598b25", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1c50aa8a-4dda-557d-9ebb-2de5fb4847a9", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:620b5503-9021-59a5-aa39-543073bb11c4", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f34864a9-c7ba-5c48-a493-83c9c8a89748", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e2deb552-0c00-55ff-8095-253d085c8752", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:32cc3bc0-0973-5cdc-8fab-4e3a5cad6644", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5e6a1a4b-23a1-5770-9976-39d92f6d2a75", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:cc9da255-0975-5bc0-bae7-1e49180d2d33", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-tx. not_affected \u2014 Spring Framework version 5.1.20.RELEASE-tuxcare.2 is NOT affected by CVE-2026-41840. The target predates the vulnerable architecture (PartGenerator/MultipartParser) introduced in Spring 5.3.0 and uses a fundamentally different multipart parsing implementation (Synchronoss NIO Multipart library)." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:dfdf9963-96d4-5275-8e38-9032c589bfab", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d8ba92e4-b02b-5162-a58b-b250116f9dbe", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:22b3cde8-c9e7-5871-9318-67e9809bb9be", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:010f0fb5-9d0a-5574-bf0b-4496c2dce469", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7ef91081-05cd-5ee6-bd31-5d87103c5dae", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1ab01ef8-cde4-516f-902d-da99445bc24d", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:68a74093-4212-539e-b76c-0ea4c7094730", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f9e65125-4231-52c1-a70e-bde9a2f8dc5e", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7337e005-fdbd-50ba-8a5f-1784d8010ecc", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4ea85f09-cf12-521e-8647-e06265658812", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9efd7947-d673-5812-964d-f80a20d71193", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:80b480b4-b204-5700-bac6-498bf9b8ed65", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:dffe3903-9c2e-59bb-813a-c326e117d99f", "id": "CVE-2026-41853", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41853 does not affect version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-tx. not_affected \u2014 Spring Framework version 5.1.20 is not affected by CVE-2026-41853. The vulnerability affects versions 5.3.0 and later, where a new native multipart parser (DefaultPartHttpMessageReader) was introduced. Version 5.1.20 uses different multipart parsing implementations that do not contain the vulnerable code." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f552d74c-7083-5c62-b9c0-264ca15722aa", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.1.20.RELEASE-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.1.20.RELEASE-tuxcare.2" } ] }