{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:d2c732ca-bd37-5031-b5a2-0d45cfe9781f", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-jms@5.3.27-tuxcare.4", "type": "library", "group": "org.springframework", "name": "spring-jms", "version": "5.3.27-tuxcare.4", "purl": "pkg:maven/org.springframework/spring-jms@5.3.27-tuxcare.4" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:99a5d534-7757-55d9-932a-3508615dd763", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.27-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a416264a-e0da-5547-9d0a-44664cdb2264", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:dd634fd4-ef65-5cc2-a7dd-2c22734a3f8d", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e461863a-29d1-5220-b960-a747b70ff531", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:8f672d38-ecb0-56ee-9add-7ae19cfc9d51", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:93172448-9edc-5f6a-9865-29a8be164bb8", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:71b34061-9c98-5000-a5ae-4116f13f5d66", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c700bbd5-f78f-51c2-baf8-3a2bf9592915", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c35aaec1-c3ec-5eb7-8b3a-7b9ee99a8342", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e5a1c607-39ac-5e37-8040-589130663ac1", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:04f68fd1-0bfe-5aca-8ca6-794d04b28299", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c2952dae-7f7f-542a-8e9b-b2dfcefc31ca", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-jms 5.3.27-tuxcare.4." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b150afc2-e8d4-5c67-8f1d-f6311b6c160c", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:04b3fffb-a023-5765-959a-e239dba32aee", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:69864ba1-629f-572d-af59-84f9c17955e1", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:f0b5f124-fa17-5c99-b030-814baa1c5bf3", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.27-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:f18bd151-a288-5377-88fe-8d3c34ba50d7", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.27-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:211679eb-c7b0-5d2e-a54d-d7edde75e0e7", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.3.27-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a0bc11f7-826d-5617-8367-67c4cdf167e7", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.27-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b2a5bc2a-0e45-51aa-b62c-153756c318ee", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.27-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:46d7295e-732d-5ede-99e4-4c84dfe0e3d3", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.27-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:84cac5bc-e4b4-5605-8ef0-9ceb7159de51", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.27-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a84319d8-d046-579a-bb6a-a795172cb35d", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.27-tuxcare.4 of org.springframework:spring-jms. already_fixed \u2014 The target repository (Spring Framework 5.3.27-tuxcare.5) already contains the fix for CVE-2026-41840. The vulnerability was previously addressed through backport commits for CVE-2026-22740, which applied the identical doOnDiscard cleanup logic to prevent resource exhaustion from multipart request processing." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c56ae70a-8419-578a-82b0-d9a78faceafb", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.27-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:bc2bae4b-1475-57c9-ad69-23ae653cbbee", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.27-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:2da2f26e-4ee4-5afc-b6c7-b9094ef33778", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.27-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:0544edaa-f633-5d2f-b6eb-c513e002fc4a", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.27-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:995b3af2-a517-5f76-9fd5-7aa5427d2592", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.27-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:4bea7c6c-bc42-511a-ac41-e8b0fc7d6335", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.27-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:1bb49e69-d2fb-5480-a46e-1829208054e9", "id": "CVE-2026-41847", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41847 does not affect version 5.3.27-tuxcare.4 of org.springframework:spring-jms. already_fixed \u2014 The target repository (Spring Framework 5.3.27-tuxcare.5) already contains the fix for CVE-2026-41847. The upstream commit 07ba95739bf4451742e4ee6b4d4b2d0ee5f701bf is present in the current branch, and source code inspection confirms the vulnerability has been patched." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:7c5e21ea-b727-58a0-ba46-cfcb51d3cfa1", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.27-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ebf6f159-29f4-5490-8a62-112275044b67", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.27-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:4db1f52e-bdb5-5f24-bd5d-9477ddd06764", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.27-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:584f948e-a356-5644-81c7-ecbefbe69c12", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.27-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:3060bb4c-51c8-529d-be84-1312b1dc20ac", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.27-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:7e030de3-28ac-59bd-b8a4-603c20f1ea25", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.27-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:de4c83e4-d7d5-55ce-84a8-008b45e0756d", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.27-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.27-tuxcare.4" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.27-tuxcare.4" } ] }