{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:5b646c15-b35f-5ebc-b406-d0749e55b31e", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-jms@5.3.27-tuxcare.3", "type": "library", "group": "org.springframework", "name": "spring-jms", "version": "5.3.27-tuxcare.3", "purl": "pkg:maven/org.springframework/spring-jms@5.3.27-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:e6045a47-6d23-56e4-852f-117d8f27246d", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.27-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e149ccda-e7d4-5d4c-945a-99f3984a14e6", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.27-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:0fbb9a0a-cbfd-52db-8a36-160131ffe548", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.27-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:73a0aadc-32b9-5264-80b7-fa2e2bc6b0a8", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.27-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f318f29f-d961-57f9-bddb-467c6237a24a", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.27-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:72dd7be7-aea9-5221-8172-fcfd4ec723eb", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.27-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f7edbc98-6371-5420-a854-62f149f41b5c", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.27-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:fc9d06db-c732-5118-b856-fed065f112ba", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.27-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d21a8f08-5528-52f9-8b9d-67291dd0d178", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.27-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c91eadf0-c994-5976-9275-db8c04d667f3", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.27-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d25d04cb-adbc-501e-8cf0-15d2bf460e01", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.27-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:16819de9-df32-5c50-b332-5ae1b886c1d7", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-jms 5.3.27-tuxcare.3." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:172e32e3-b1b9-55e7-8e93-343c113fb484", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.27-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:7937e216-88f7-52c2-9bef-ac050bed0e2b", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.3.27-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:47994816-9761-599c-b157-6a936bb94fbe", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.27-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ade1599d-6778-52c0-a9e6-a04efa127c02", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.27-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f42bcae6-3b2b-5a36-85a7-fdecd3f6d1d1", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.27-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2414e7a4-695f-5343-9e58-681ea33b01b3", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.3.27-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:628a72b2-4511-52d3-b876-820eea10970e", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.27-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:08173c24-66d0-5a81-b5a3-6ab08ea3e6f1", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.27-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c5802e3e-6bc2-5fb5-a729-8ce69015d9c3", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.27-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:241d2676-bf78-5d5c-a9df-2416dd77fbdf", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.27-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e8113b47-5880-56d2-b245-7c0096ab09ec", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.27-tuxcare.3 of org.springframework:spring-jms. already_fixed \u2014 The target repository (Spring Framework 5.3.27-tuxcare.5) already contains the fix for CVE-2026-41840. The vulnerability was previously addressed through backport commits for CVE-2026-22740, which applied the identical doOnDiscard cleanup logic to prevent resource exhaustion from multipart request processing." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:eefd370c-6549-5bce-b149-33ca943e8d5b", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.27-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:be3fef02-d03e-56a6-ae7e-319a73abb974", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.27-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:76e8a5b5-83b0-522b-9273-02af9396583c", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.27-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8a699f0b-7e19-56a4-b1b7-2eefc0b65557", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.27-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a094d890-6097-5d04-817b-ff5112a9cac4", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.27-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f03655cd-1795-59a7-a17e-1ce2cbbe2171", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.27-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e74235b9-2e3d-562b-83ec-4ad5f5f0131b", "id": "CVE-2026-41847", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41847 does not affect version 5.3.27-tuxcare.3 of org.springframework:spring-jms. already_fixed \u2014 The target repository (Spring Framework 5.3.27-tuxcare.5) already contains the fix for CVE-2026-41847. The upstream commit 07ba95739bf4451742e4ee6b4d4b2d0ee5f701bf is present in the current branch, and source code inspection confirms the vulnerability has been patched." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:bc1c9f81-09e4-5894-be6c-37b9b98a72d5", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.27-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:056a5171-b947-5434-bb01-0178ef7ecdef", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.27-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d0366a32-df52-54f8-9f7a-ea4406d69418", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.27-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b99f8870-5bb3-51a9-9dc6-dc9f13062e89", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.27-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ef68c7f9-f22d-5f61-b7e7-b094d5ca99cc", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.27-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:82ddb961-67b0-59e6-b375-808f593a9ebd", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.27-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b6bec174-ea85-5e2c-85cb-cecf6118c1b6", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.27-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.27-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.27-tuxcare.3" } ] }