{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:fab8e905-182a-5f77-a0e3-77837f077db3", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-tx@5.3.39-tuxcare.11", "type": "library", "group": "org.springframework", "name": "spring-tx", "version": "5.3.39-tuxcare.11", "purl": "pkg:maven/org.springframework/spring-tx@5.3.39-tuxcare.11" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:ffb5feea-d760-55df-bf13-11d1125ceb98", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.39-tuxcare.11 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:cd3c71de-f87e-5ccd-9c67-45ab5b4a3eae", "id": "CVE-2022-22968", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2022-22968 does not affect version 5.3.39-tuxcare.11 of org.springframework:spring-tx. Spring version 5.3.39 is not affected to CVE-2022-22968 as fix has been already already backported by the original developers" }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:bbb776b2-aae0-502f-a4c8-345d9b97d85e", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.39-tuxcare.11 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:4a6d9bac-e9e6-5b88-8dad-1fb7956015b2", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.39-tuxcare.11 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:6699fa3f-1fb7-5643-85ca-eddf90862302", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.39-tuxcare.11 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:7abc6ea3-bb2f-5c8d-8cae-9b1fa23b0a3f", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.39-tuxcare.11 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:88f6532e-de85-5215-a42d-c9c9223cccd7", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.39-tuxcare.11 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:15035351-371e-58cd-963e-d2c00be42aa5", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-tx 5.3.39-tuxcare.11." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:2f6b4929-bfb3-5b32-a6e6-2d9b5a7c2206", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.39-tuxcare.11 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:3674719c-e15a-5c51-9f40-0c030b029d4e", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.39-tuxcare.11 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:6444cece-d91b-5fc8-b4bd-71725425233c", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.39-tuxcare.11 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:d9d1c3cf-81c0-5916-9176-62412b9c6dbd", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.39-tuxcare.11 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:27f7cad6-e682-52e2-b128-6ef49bdd0cb3", "id": "CVE-2026-22737", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22737 is fixed in version 5.3.39-tuxcare.11 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:e828917c-3384-5a37-ae4e-6810a4dc8fb4", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.39-tuxcare.11 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:fba5f713-a2db-5694-87d7-5d5941365cb3", "id": "CVE-2026-22741", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22741 is fixed in version 5.3.39-tuxcare.11 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:4f207e89-08f1-5c43-b75b-f1209791e990", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 5.3.39-tuxcare.11 of org.springframework:spring-tx." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.39-tuxcare.11" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-tx@5.3.39-tuxcare.11" } ] }