{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3666915d-469e-5a83-be5f-4361564e3013", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-jms@5.1.20.RELEASE-tuxcare.2", "type": "library", "group": "org.springframework", "name": "spring-jms", "version": "5.1.20.RELEASE-tuxcare.2", "purl": "pkg:maven/org.springframework/spring-jms@5.1.20.RELEASE-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:aa22eb10-8768-5591-b1c5-4d5576464390", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d8eb8862-8434-5088-8d78-b0526fa115d4", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:54fe972c-6d9e-5df5-926a-2e94ceaa5335", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9ce85e4b-1e20-5fb5-84c3-e7759ee9953d", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:99121a70-0f9c-5b18-bc0b-ad496f4f0249", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d03177b3-49ae-51ac-89b7-dc106a0cacdb", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d9582394-4df2-55f2-a7c5-eea3a042be41", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:434f30c2-1ad5-551f-8377-4954a5d6d1c2", "id": "CVE-2022-22970", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22970 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ff35a4fe-ed64-5e5e-a97a-d4a6b0e3b76f", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e3ccca90-8fb1-55ca-be8b-6c6a696797db", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b90bae33-c37f-5d99-bc17-ba2e56e2fbce", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:03618cf1-3bc0-5d80-918f-00a28315e98b", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a1605bb1-35be-50e9-b00e-d3b10cee41b0", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:11ac947b-a4a0-53df-a8e2-a2f06f2f4877", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d0cb3143-7a8a-54ff-acf8-c6b4bccd99d9", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2f320852-1b10-5cec-a4f0-5de60d4e7b43", "id": "CVE-2024-38809", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2024-38809 is a false positive for org.springframework:spring-jms 5.1.20.RELEASE-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3d6b8a44-802b-54ba-a060-dde65c00360e", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6bdd2b76-6d79-5ea0-a464-f8def2145170", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f758ef06-2ce2-5211-bc14-45cef5bf797a", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:52d5a174-83e3-5dbb-aa38-ddcb2569d1ee", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1e1cc8f2-055e-5267-9fe8-1be3095cf366", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c8653f50-fd96-5108-be1e-818b00dad447", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b2f7395e-9e6c-5034-9c59-175e7a6a688e", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e4c0c8c6-6ef8-5d5f-847a-3ddeb76dd4ac", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:356efa96-b4ac-5381-89be-258076a6e8d9", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e7e0c4f8-359d-52c0-a4c0-c4489a5196bc", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7fbdf0b6-ceba-5858-b677-5cbd89ceb8a9", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3d3960d3-627f-5c4f-9ef0-705e1c2cefaa", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-jms. not_affected \u2014 Spring Framework version 5.1.20.RELEASE-tuxcare.2 is NOT affected by CVE-2026-41840. The target predates the vulnerable architecture (PartGenerator/MultipartParser) introduced in Spring 5.3.0 and uses a fundamentally different multipart parsing implementation (Synchronoss NIO Multipart library)." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:843e65cc-4556-5832-a2e2-4c954b7a6ae9", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4ee70292-1d45-5e4e-8da7-984126c7e6d7", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:76c20510-094d-5a84-8d3b-2ebd3c56e233", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:36b71cc0-f4e6-5000-8bad-b6fdc059bf6f", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1c86b2a4-d22a-5b87-9f52-a0c53cb89222", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:29dc65f3-8f99-54b3-9939-7b73c911f5c1", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:10a53cfe-9f1b-5a42-aed6-09ac34937d77", "id": "CVE-2026-41847", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41847 does not affect version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-jms. not_affected \u2014 Spring Framework 5.1.20.RELEASE is not affected by CVE-2026-41847. The vulnerability exists in the 'filter' function of the Kotlin Router DSL, which was introduced in version 5.2.0 (September 2019). The target version 5.1.20 predates this feature and does not contain the vulnerable code path." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3cd0b24a-f830-580d-8c76-edac63d464db", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1fe64aff-ff12-51f1-beec-16ca9acd6abd", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:def129f7-7b09-559f-9376-ef0c4f7cd7a5", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1817869f-006f-5e01-9c32-084fb1b28bb6", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:59d7183f-324b-507e-b385-e134fc939e35", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3e6fc3fe-8193-5508-9319-1e13a8f53c12", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:bdb06c02-b4e5-502a-b212-ee28e7de4a17", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.1.20.RELEASE-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.1.20.RELEASE-tuxcare.2" } ] }