{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:85fcc182-d8a5-517b-99be-dd3c50f94881", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-tx@5.3.37-tuxcare.6", "type": "library", "group": "org.springframework", "name": "spring-tx", "version": "5.3.37-tuxcare.6", "purl": "pkg:maven/org.springframework/spring-tx@5.3.37-tuxcare.6" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:10418762-e06b-55e5-9bed-a8cd5160c97d", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.37-tuxcare.6 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:108ca931-e62f-5a7b-9424-7f5cf57357cb", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.37-tuxcare.6 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:9687a91d-67b1-5d22-8d64-9330fd6f69d8", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.37-tuxcare.6 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:e5a4ac0b-d44b-5e3d-8142-d46775c9ee48", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.37-tuxcare.6 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:b7827358-6629-5a65-b954-448c72f4837d", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.37-tuxcare.6 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:b86a6d18-7017-5c33-9b9f-895abe650c24", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.37-tuxcare.6 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:95b3c75c-0b7b-5112-bc54-f92b06b0a70a", "id": "CVE-2024-38828", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38828 affects version 5.3.37-tuxcare.6 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:a2db6ffe-986c-50c2-bc4b-b08ade96e5e8", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.37-tuxcare.6 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:7ae80d36-5f2a-51fb-9082-a24c582c11eb", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 5.3.37-tuxcare.6 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:e4c4f447-649a-5c35-ab07-a89f63fa8155", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.37-tuxcare.6 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:575ac474-bf21-5b5c-9c20-21046861bc94", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 5.3.37-tuxcare.6 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:1e4d1d8c-0ba2-5539-83d5-8e01b07c6d3b", "id": "CVE-2026-22735", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22735 is fixed in version 5.3.37-tuxcare.6 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:c4665193-6be9-571c-8732-1a69d29edd43", "id": "CVE-2026-22737", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22737 is fixed in version 5.3.37-tuxcare.6 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:c14ca30f-bd71-57a9-95d2-a17631a12129", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.37-tuxcare.6 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:365c956a-d463-5463-80d1-2403c4de7f34", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.37-tuxcare.6 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:28983eff-8b84-525b-9f1d-3c89a73d3aea", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 5.3.37-tuxcare.6 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:8200f384-e655-56fd-b539-7bcee7579ad9", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.37-tuxcare.6 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:520192ef-cc89-5aaf-9760-35ebe150a2ed", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.37-tuxcare.6 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:9c67aa48-18d5-544d-973a-d4b4fc8781d2", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.37-tuxcare.6 of org.springframework:spring-tx. already_fixed \u2014 The target repository (Spring Framework 5.3.37-tuxcare.6) already contains both fixes for CVE-2026-41840. The fixes were backported on June 8, 2026 via commit 648b33d0a3 as part of CVE-2026-22740 remediation, which addresses the same multipart memory leak vulnerability." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:e1367541-ef61-5bb5-bfb7-4cf309bcea8e", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.37-tuxcare.6 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:fa9bd041-df89-596e-933d-fe597f15ac7f", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.37-tuxcare.6 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:b0f9292d-f0e8-57b0-b0c6-2ffd2ff38422", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.37-tuxcare.6 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:cac3b276-1a1c-551f-ba69-a008c5a0ea06", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.37-tuxcare.6 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:b569b400-24bf-5dfd-8123-fe8f9dfb8c8a", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.37-tuxcare.6 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:86db51d6-6e63-5904-bed9-71a0385d92d3", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.37-tuxcare.6 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:b7927cba-24e6-5c65-9ce8-433539e8af3f", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.37-tuxcare.6 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:09a4f525-6284-5f3a-a588-358cd7888fae", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.37-tuxcare.6 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:fa09220f-148e-5e59-8d95-a9f7f2b257ce", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.37-tuxcare.6 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:f9479ecc-3e04-5699-9e1e-74281e059235", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.37-tuxcare.6 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:1e195ca3-d446-585d-abbf-af1b7658cb1c", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.37-tuxcare.6 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:cb3c1aa3-1812-5eda-aff1-5e53d3a1dbe2", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.37-tuxcare.6 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:0b73d039-4f7a-5ca7-a803-6ddf83a7fb0f", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.37-tuxcare.6 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:cd73ebef-47c4-5da2-b47a-77be0d71d766", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.37-tuxcare.6 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.37-tuxcare.6" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.37-tuxcare.6" } ] }