{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:af515da7-4b0d-5880-8a0a-90c12dbef92d", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-tx@6.1.20-tuxcare.5", "type": "library", "group": "org.springframework", "name": "spring-tx", "version": "6.1.20-tuxcare.5", "purl": "pkg:maven/org.springframework/spring-tx@6.1.20-tuxcare.5" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:2e10670d-c4b6-5466-b955-fc082c9742fd", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 6.1.20-tuxcare.5 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:a5f14785-8646-553b-bf7b-b1677bac0eb0", "id": "CVE-2025-41234", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41234 is fixed in version 6.1.20-tuxcare.5 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:23a1cf22-b7f6-5270-8e73-8a0351fd18c7", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 6.1.20-tuxcare.5 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:c6cfd05b-3b43-54c2-8fa5-787a6f76a3e6", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 6.1.20-tuxcare.5 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:34bdb57e-f767-5994-8849-1599dba1143f", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 6.1.20-tuxcare.5 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:bb2328e5-9f7d-50c3-91e6-659b8cf1abf4", "id": "CVE-2026-22735", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22735 is fixed in version 6.1.20-tuxcare.5 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:171b79e6-5669-59f1-8196-472c10b07af3", "id": "CVE-2026-22737", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22737 is fixed in version 6.1.20-tuxcare.5 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:ddc1e7fc-5061-5f9c-aa8c-b94e0037ec6e", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 6.1.20-tuxcare.5 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:ab8ae8a7-cf86-5341-8d27-99186fbfa4b8", "id": "CVE-2026-22741", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22741 is fixed in version 6.1.20-tuxcare.5 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:8ecbe118-3296-5554-985a-c4c35e116558", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 6.1.20-tuxcare.5 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:44d55af4-4069-56ca-b0de-1e68dee7cf60", "id": "CVE-2026-41838", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41838 is fixed in version 6.1.20-tuxcare.5 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:03d34176-83f8-5552-b08a-c87630f73e1c", "id": "CVE-2026-41839", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41839 is fixed in version 6.1.20-tuxcare.5 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:34023876-c765-557d-b445-f27b50ad1dc3", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 6.1.20-tuxcare.5 of org.springframework:spring-tx. already_fixed \u2014 Spring Framework 6.1.20-tuxcare.4 already contains both doOnDiscard handlers that prevent the multipart memory leak vulnerability. The fixes were applied via TuxCare backport commit a6b78f2a1c on May 19, 2026 under CVE-2026-22740, which appears to be the same or closely related vulnerability as CVE-2026-41840." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:a6d84c81-912c-5fb7-8f12-76af363c2091", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 6.1.20-tuxcare.5 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:def5659c-b19c-5b45-91b0-9e8b9fea3aaf", "id": "CVE-2026-41842", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41842 is fixed in version 6.1.20-tuxcare.5 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:157e14e0-4fa8-5455-a69a-181f4e4ee6d0", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 6.1.20-tuxcare.5 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:ea472e70-14f6-5194-9701-9975955cdb37", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 6.1.20-tuxcare.5 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:fbd76db6-a29e-550d-8a47-a68acac04648", "id": "CVE-2026-41845", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41845 is fixed in version 6.1.20-tuxcare.5 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:2120c9d1-1adc-563e-a788-5b581b56962e", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 6.1.20-tuxcare.5 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:54e95400-a33d-5430-a690-d39374bcdabf", "id": "CVE-2026-41848", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41848 is fixed in version 6.1.20-tuxcare.5 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:69d218a8-ab2b-5fdb-9499-58277f0f18cf", "id": "CVE-2026-41850", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41850 is fixed in version 6.1.20-tuxcare.5 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:f215847b-9541-5f82-a97e-fb74e1ac186f", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 6.1.20-tuxcare.5 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:bc489990-53d7-5349-a05d-aa10996fab17", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 6.1.20-tuxcare.5 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:2732a899-70a1-5407-80d5-d21b3568665d", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 6.1.20-tuxcare.5 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:54e99ee2-4c24-5dd2-97ee-a78ffeb17a24", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 6.1.20-tuxcare.5 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@6.1.20-tuxcare.5" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-tx@6.1.20-tuxcare.5" } ] }