{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:55383b7a-de5d-5845-9b3d-0a5fc49044af", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-tx@6.1.20-tuxcare.6", "type": "library", "group": "org.springframework", "name": "spring-tx", "version": "6.1.20-tuxcare.6", "purl": "pkg:maven/org.springframework/spring-tx@6.1.20-tuxcare.6" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:2cbbcbab-b55f-5fb3-a3b9-a955e084b76e", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 6.1.20-tuxcare.6 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:983c3689-578c-5b9d-afc5-74d0bbbbd16d", "id": "CVE-2025-41234", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41234 is fixed in version 6.1.20-tuxcare.6 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:123b36a0-bf26-55e8-993e-fa9f9b52f5d6", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 6.1.20-tuxcare.6 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:c923b7d8-a525-503e-8c1c-96faea6df36a", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 6.1.20-tuxcare.6 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:0a5a46e7-b370-53b3-b978-eb99082bf2af", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 6.1.20-tuxcare.6 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:bef57eb0-9f30-5eb4-917d-a58dba90edd5", "id": "CVE-2026-22735", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22735 is fixed in version 6.1.20-tuxcare.6 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:d5edca03-8c08-532c-a226-afece18e1fd9", "id": "CVE-2026-22737", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22737 is fixed in version 6.1.20-tuxcare.6 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:1e6921d9-db2a-5bd4-b54c-b4db58f41d68", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 6.1.20-tuxcare.6 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:1092d1e2-310d-57fe-aa6f-b8e0e6acedd7", "id": "CVE-2026-22741", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22741 is fixed in version 6.1.20-tuxcare.6 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:b3491d08-e61b-5a6e-a14c-5688f12a8ef7", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 6.1.20-tuxcare.6 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:bbae11c0-4c7e-5016-98b7-dbf12eaee6f1", "id": "CVE-2026-41838", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41838 is fixed in version 6.1.20-tuxcare.6 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:145c5e7c-22b7-5e34-b75b-8e084d0e6ac2", "id": "CVE-2026-41839", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41839 is fixed in version 6.1.20-tuxcare.6 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:bee4ecb3-5612-5ed8-9515-7691f74dbc00", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 6.1.20-tuxcare.6 of org.springframework:spring-tx. already_fixed \u2014 Spring Framework 6.1.20-tuxcare.4 already contains both doOnDiscard handlers that prevent the multipart memory leak vulnerability. The fixes were applied via TuxCare backport commit a6b78f2a1c on May 19, 2026 under CVE-2026-22740, which appears to be the same or closely related vulnerability as CVE-2026-41840." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:b6f55340-fcc2-5e39-8226-d5418fb2b944", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 6.1.20-tuxcare.6 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:4d49f74f-7b0a-5272-a2f5-a28aa348bcfd", "id": "CVE-2026-41842", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41842 is fixed in version 6.1.20-tuxcare.6 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:0072801e-e89b-51cd-943f-1e72e5690912", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 6.1.20-tuxcare.6 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:cf4e2d99-8276-5980-aaf6-ad8088e960a0", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 6.1.20-tuxcare.6 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:518ee834-4285-525b-8420-39e441f4abc1", "id": "CVE-2026-41845", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41845 is fixed in version 6.1.20-tuxcare.6 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:b16bf5c9-deb4-532b-a8bb-60a64960f13c", "id": "CVE-2026-41846", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41846 is fixed in version 6.1.20-tuxcare.6 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:cd0c6ebf-df98-5102-9ce2-2e6aaad20c7d", "id": "CVE-2026-41848", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41848 is fixed in version 6.1.20-tuxcare.6 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:ccd07ec4-7417-54a5-b475-9a457beaa31b", "id": "CVE-2026-41850", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41850 is fixed in version 6.1.20-tuxcare.6 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:5a5f4fa7-9b0e-5ee9-ac2c-0e122f6c3176", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 6.1.20-tuxcare.6 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:e30c4a33-648e-58f1-92c6-7751f67a8a49", "id": "CVE-2026-41852", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41852 is fixed in version 6.1.20-tuxcare.6 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:9a78e8a8-3886-573c-86a4-caed2a359518", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 6.1.20-tuxcare.6 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:957df828-1e30-5b59-97e2-74c8a1df1aee", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 6.1.20-tuxcare.6 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@6.1.20-tuxcare.6" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-tx@6.1.20-tuxcare.6" } ] }