{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:b27b1265-ae5b-5a7f-ad5e-199961f074db", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-jms@5.3.27-tuxcare.5", "type": "library", "group": "org.springframework", "name": "spring-jms", "version": "5.3.27-tuxcare.5", "purl": "pkg:maven/org.springframework/spring-jms@5.3.27-tuxcare.5" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:3965977b-6b23-5c8e-a67b-23b301612023", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.27-tuxcare.5 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:d740d886-b831-57f5-9080-3072a357bd6a", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:68ce7137-30c3-5432-9843-c695c43e24aa", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:20420a4f-714e-5163-8bd9-11a10a834795", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:7ee1b61f-34c4-52c2-bda4-c308561e7e62", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:fe8a1c43-0172-5deb-a4fd-30cd335047c8", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:759d6b9e-0d3b-565d-9318-c6f869d8c3e0", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:42d2d5f3-2425-5457-bb45-02ede3d23009", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:3179c571-6aa6-5591-b701-fd9c80c89960", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:df5db1e9-7284-5336-89f6-5504022d3eae", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:0f156b97-d6ff-512b-9e8b-66f4039b9fd9", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:69324ab4-0e9b-5ec7-a44c-c62b2732b688", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-jms 5.3.27-tuxcare.5." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:f77e82f8-c244-5eb9-b65a-678db1e365cd", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:d73b0525-97fd-57fa-aaaa-f9310061a6fe", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:173bdf30-1e35-5257-a0e6-438db00d2b1f", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:01a41ed7-0a34-537e-af3e-c7ba6151a771", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.27-tuxcare.5 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:1baf90f8-8022-523f-a42f-11225671e6cc", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.27-tuxcare.5 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:1b24b280-575e-54f2-ae2e-dec080473b6f", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:1785d66d-d122-5235-be9b-555277503504", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.27-tuxcare.5 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:52fec519-94a4-5603-b05a-eb3eb186f4f1", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.27-tuxcare.5 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:b4f23b3f-c7c2-53cc-abd1-43f00d241aef", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.27-tuxcare.5 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:1280dd4f-473b-50bc-a068-286b0ea2a42b", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.27-tuxcare.5 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:06c4d570-122c-5529-acd4-a70ac1f6de80", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.27-tuxcare.5 of org.springframework:spring-jms. already_fixed \u2014 The target repository (Spring Framework 5.3.27-tuxcare.5) already contains the fix for CVE-2026-41840. The vulnerability was previously addressed through backport commits for CVE-2026-22740, which applied the identical doOnDiscard cleanup logic to prevent resource exhaustion from multipart request processing." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:72ffa06f-e504-5625-8b01-877eda415a7d", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.27-tuxcare.5 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:15f18a17-f9d1-5b25-a08a-ae333d862fba", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.27-tuxcare.5 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:6f8f427f-5594-5776-81cf-32b349395c01", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.27-tuxcare.5 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:71425fbd-fafd-566d-8a41-5cd5e8d33d17", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.27-tuxcare.5 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:a74d3a28-29f9-5cca-b0f3-6768ca834c02", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.27-tuxcare.5 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:ea8a8e86-c8d7-5146-91d6-1d9c8a099147", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.27-tuxcare.5 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:dceef438-6d3e-50e6-be3d-c51dc78d56d3", "id": "CVE-2026-41847", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41847 does not affect version 5.3.27-tuxcare.5 of org.springframework:spring-jms. already_fixed \u2014 The target repository (Spring Framework 5.3.27-tuxcare.5) already contains the fix for CVE-2026-41847. The upstream commit 07ba95739bf4451742e4ee6b4d4b2d0ee5f701bf is present in the current branch, and source code inspection confirms the vulnerability has been patched." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:a05f652b-e0f2-5300-9bd2-9c4dc3f7db9a", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.27-tuxcare.5 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:8bf8b6bf-81d8-51eb-ac70-3a018829a319", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.27-tuxcare.5 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:9299fe08-85c3-59ac-b3c0-3942537f8fce", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.27-tuxcare.5 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:060bbcd8-393c-59a3-a52d-31f1e95a5403", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.27-tuxcare.5 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:38bfadad-2c1e-5586-a185-fa3bb921154b", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.27-tuxcare.5 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:61eb2619-5e56-5b00-ad92-bc47ea49f844", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.27-tuxcare.5 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:c9f53928-bd6a-5893-a488-a33b7237b8ef", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.27-tuxcare.5 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.27-tuxcare.5" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.27-tuxcare.5" } ] }