{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:93b314a8-eb87-5ff8-867f-c8ea25e40ef2", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-tx@5.3.39.tuxcare.5", "type": "library", "group": "org.springframework", "name": "spring-tx", "version": "5.3.39.tuxcare.5", "purl": "pkg:maven/org.springframework/spring-tx@5.3.39.tuxcare.5" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:9f141767-db0c-5d39-bfce-b1da652c6666", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.39.tuxcare.5 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.39.tuxcare.5" } ] }, { "bom-ref": "urn:uuid:08fe09d1-c65e-5f1a-a1c4-93cf28994202", "id": "CVE-2022-22968", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2022-22968 does not affect version 5.3.39.tuxcare.5 of org.springframework:spring-tx. Spring version 5.3.39 is not affected to CVE-2022-22968 as fix has been already already backported by the original developers" }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.39.tuxcare.5" } ] }, { "bom-ref": "urn:uuid:39062623-118f-5c53-8f4b-c0ae0e07ef8c", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.39.tuxcare.5 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.39.tuxcare.5" } ] }, { "bom-ref": "urn:uuid:c4038729-30e1-5bdd-b72a-7f0201c80413", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.39.tuxcare.5 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.39.tuxcare.5" } ] }, { "bom-ref": "urn:uuid:275a91af-6b2a-5aff-a06a-28a1ace3e6b1", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.39.tuxcare.5 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.39.tuxcare.5" } ] }, { "bom-ref": "urn:uuid:e492a9dc-cdd3-5279-b402-5f1939d29acf", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.39.tuxcare.5 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.39.tuxcare.5" } ] }, { "bom-ref": "urn:uuid:e49289eb-8d4d-54cc-986d-9280040c8a4d", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 5.3.39.tuxcare.5 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.39.tuxcare.5" } ] }, { "bom-ref": "urn:uuid:ab70c71a-58ba-5c55-9548-ff35fea2e5ac", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-tx 5.3.39.tuxcare.5." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.39.tuxcare.5" } ] }, { "bom-ref": "urn:uuid:88d2b4f9-3a45-514e-b650-3b182d5a2c00", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 5.3.39.tuxcare.5 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.39.tuxcare.5" } ] }, { "bom-ref": "urn:uuid:bede179a-64a6-58a6-8c4b-2ba0e3b0adc1", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.3.39.tuxcare.5 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.39.tuxcare.5" } ] }, { "bom-ref": "urn:uuid:e6035e71-4f5f-57ca-a131-8afb92533010", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 5.3.39.tuxcare.5 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.39.tuxcare.5" } ] }, { "bom-ref": "urn:uuid:e612c2be-1abc-571b-870a-374d78dbe5d7", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.39.tuxcare.5 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.39.tuxcare.5" } ] }, { "bom-ref": "urn:uuid:30790527-1960-516c-accd-9db91f29a2fb", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.39.tuxcare.5 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.39.tuxcare.5" } ] }, { "bom-ref": "urn:uuid:cdf658d5-80e5-5e5f-b0c6-cb30eda11421", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.3.39.tuxcare.5 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.39.tuxcare.5" } ] }, { "bom-ref": "urn:uuid:6118f263-467a-5a41-970d-1e532a06ce38", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.39.tuxcare.5 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.39.tuxcare.5" } ] }, { "bom-ref": "urn:uuid:91c0f33d-1294-538d-9f3b-1ed2ddbe2701", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.39.tuxcare.5 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.39.tuxcare.5" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.39.tuxcare.5" } ] }