{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:36c31bda-8312-5560-bdaf-35101abbfbff", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-tx@5.3.30-tuxcare.3", "type": "library", "group": "org.springframework", "name": "spring-tx", "version": "5.3.30-tuxcare.3", "purl": "pkg:maven/org.springframework/spring-tx@5.3.30-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:d33af0cc-276e-5e1a-a66b-ca32d3088de8", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.30-tuxcare.3 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:7550cf4f-b179-55c1-8c89-b58f42ca8781", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:32815cb7-53aa-5948-abb6-1de6e7302002", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4dc31f78-9c36-5f6e-bc84-15f5685f4bf7", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ffc3be11-9e64-5332-b347-8b663dc3a7de", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:bfbc814c-8a80-549f-972c-7d39db8b57cf", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2c07e7f2-2bf5-50f5-9189-259140717952", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:faca131b-b7a4-57e0-8609-969b0d6becbf", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d4a29d5a-795f-5e95-b7d5-936065eec189", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8da2aff2-2824-5df8-9c0b-66246598cb38", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:76e17b98-7bcf-5ca4-adb3-513cdf4f70d5", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:0bec0042-10a9-5592-a65c-135132d5edea", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d584ee96-945e-5a91-bd1c-23fc6f9f7e92", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:106cc8f3-88f3-5dc0-9cc8-e6e5d49c6440", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6f5bc575-62a5-5a7b-b152-6c4760c58d66", "id": "CVE-2026-22735", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22735 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:446593cd-87b3-50d6-9474-44eabf7b5277", "id": "CVE-2026-22737", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22737 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2b082697-5ea7-585d-a33c-5713e5ebd45f", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1ef4318e-d507-53aa-9505-c04fb92776e4", "id": "CVE-2026-22741", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22741 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2526730b-02ca-58a0-9170-379e1abc7e80", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:dfa91874-3a57-5904-9294-183e9b6ee551", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.30-tuxcare.3 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3dcbca07-6c0d-54cd-b8e5-69af0b9013d4", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.30-tuxcare.3 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:be6647d0-85df-5c51-8d5a-12c8d2393ea5", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.30-tuxcare.3 of org.springframework:spring-tx. already_fixed \u2014 The target repository Spring Framework 5.3.30-tuxcare.3 already contains both fixes for CVE-2026-41840. The identical patches were previously backported by TuxCare as part of CVE-2026-22740 (commits 1a619adbfb and ee9443b0bc, merged May 2026). Both doOnDiscard handlers are present in the current code: PartGenerator.java releases data buffers on discard, and MultipartHttpMessageReader.java delet..." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1d67b57e-10dd-55da-a1c4-714c62a4f411", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.30-tuxcare.3 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b8aece06-6df3-5cb5-8d95-b3fbe43f84d7", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.30-tuxcare.3 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:0d824f82-735e-52b1-96f8-dac27e73cdb5", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.30-tuxcare.3 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f9353725-c530-5a80-98ac-87c6ded20f81", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.30-tuxcare.3 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3dd5c535-36ee-535e-b547-d7bfa28efd94", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.30-tuxcare.3 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9df66337-5523-5b3d-a773-7fe86e7929ee", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.30-tuxcare.3 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:52822ae2-0022-5712-91b7-e33e9f36a6da", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.30-tuxcare.3 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:39b7638a-b4ce-5c5a-b68a-4a8773d3b132", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.30-tuxcare.3 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:7faf637d-ba03-5e78-8e93-92ab32ae46b1", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.30-tuxcare.3 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:150a7e19-c297-5484-90fc-fb5e2c4392ce", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.30-tuxcare.3 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4bb26260-16eb-5ffd-928f-f78c76cdffb9", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.30-tuxcare.3 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b1a35fc0-c228-5a02-91d6-7959f51fab91", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.30-tuxcare.3 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3059c0b5-1c62-5659-9b37-bbadae16d5e7", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.30-tuxcare.3 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1c3f563c-dd09-59b6-9b09-f71bd01dd003", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.30-tuxcare.3 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.30-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.30-tuxcare.3" } ] }