{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:d126eb85-ea43-5cd4-8282-556d8c444483", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-tx@5.3.37-tuxcare.5", "type": "library", "group": "org.springframework", "name": "spring-tx", "version": "5.3.37-tuxcare.5", "purl": "pkg:maven/org.springframework/spring-tx@5.3.37-tuxcare.5" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:2b250b14-76b3-522c-9989-50fb90c67bf2", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.37-tuxcare.5 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:2ec55b9f-e202-5108-827a-659c0c44eea7", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.37-tuxcare.5 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:071e457b-1cdb-55f6-b573-63a5b6b1b082", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.37-tuxcare.5 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:f7f118a2-b661-5de1-9a6b-d4af3f27c84a", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.37-tuxcare.5 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:17941879-49d0-5651-ac11-d5569336e8e5", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.3.37-tuxcare.5 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:4304b418-493f-5645-b3e5-906dfec9361c", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.37-tuxcare.5 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:ecc1ea04-902c-565c-bc5b-74d54f40613e", "id": "CVE-2024-38828", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38828 affects version 5.3.37-tuxcare.5 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:bf8dc594-d0e8-5e78-9a78-7d1074f21075", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.37-tuxcare.5 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:ee8136eb-d58d-5ffc-a12b-d72661aab2ec", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 5.3.37-tuxcare.5 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:1d8b15b1-6ffb-5aa4-b81c-4afece9bd9b0", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.37-tuxcare.5 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:7082fec0-88f2-5076-84a7-035b59108396", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 5.3.37-tuxcare.5 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:f314086d-d502-54c0-94d3-0eb6e44bcce6", "id": "CVE-2026-22735", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22735 is fixed in version 5.3.37-tuxcare.5 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:6cf3f8e8-94d7-5ab0-a885-e577793cf294", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.37-tuxcare.5 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:c8e5593c-8e8f-5ab9-a5d5-c70cbf689323", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.37-tuxcare.5 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:e52306f0-be8c-53c7-afb6-42414558fb03", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.37-tuxcare.5 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:00c7d354-4501-5cae-ac6a-f1afe0248192", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.37-tuxcare.5 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:2736f710-1f09-5e6f-abee-bda21aeeddb8", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.37-tuxcare.5 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:eea6aef0-0e5e-51ca-b217-d0d0c8e32942", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.37-tuxcare.5 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:a589ed42-5879-5200-9335-f553e6700ec0", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.37-tuxcare.5 of org.springframework:spring-tx. already_fixed \u2014 The target repository (Spring Framework 5.3.37-tuxcare.6) already contains both fixes for CVE-2026-41840. The fixes were backported on June 8, 2026 via commit 648b33d0a3 as part of CVE-2026-22740 remediation, which addresses the same multipart memory leak vulnerability." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:dc4a3f92-4ca0-56a3-b2a1-f7eccff3ead8", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.37-tuxcare.5 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:62090bef-06ab-59b7-99ca-b65ff27bdfd2", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.37-tuxcare.5 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:ca5ff944-6338-512a-9404-822f02ea6957", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.37-tuxcare.5 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:5afc6b86-82de-56f6-980f-d4a442995f0e", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.37-tuxcare.5 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:f3b14a66-f7c8-5961-9828-58a500a48c6a", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.37-tuxcare.5 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:97550210-6a0d-54e6-a1f8-a6bb6a73c9d8", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.37-tuxcare.5 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:03b85958-2214-5b48-acaf-29c75945ec35", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.37-tuxcare.5 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:3ec89cb7-194f-5e6e-bb0e-779530cde9bc", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.37-tuxcare.5 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:4194089c-f149-5a64-86f6-90eb7087404d", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.37-tuxcare.5 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:3f60c1bf-6282-5705-a283-c05a45a7bd88", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.37-tuxcare.5 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:07cb3757-8a9a-536e-8a68-da5d57b5e4bc", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.37-tuxcare.5 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:7edf235c-7fc7-5a33-850b-3db55a5707c7", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.37-tuxcare.5 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:1af92333-5b13-53a9-9cfc-9756f449b0c4", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.37-tuxcare.5 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:d26ac12a-9b32-50fd-be17-000e7f140754", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.37-tuxcare.5 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.37-tuxcare.5" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.37-tuxcare.5" } ] }