{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:d61c655c-5c3c-56f7-b2f4-2a9f74084a35", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-jms@5.3.27.tuxcare.1", "type": "library", "group": "org.springframework", "name": "spring-jms", "version": "5.3.27.tuxcare.1", "purl": "pkg:maven/org.springframework/spring-jms@5.3.27.tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:cedc85d2-c901-5df7-b091-de6b5320d474", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.27.tuxcare.1 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6c8c922a-a294-52ca-b5d9-65d0cf90318f", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.27.tuxcare.1 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1d9c4eb4-5b2a-5760-9627-85e064a763dc", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.27.tuxcare.1 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b6cd7ec4-c4b2-5b7b-b15d-8c097670a766", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 5.3.27.tuxcare.1 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:364b672c-5dd2-57df-8223-4e6c9cf0679f", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.27.tuxcare.1 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5c1cfab5-0da4-5103-adc3-2e186c5b1357", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.27.tuxcare.1 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b3105efb-34a2-558c-835e-d5c18e7b7c87", "id": "CVE-2024-38816", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38816 affects version 5.3.27.tuxcare.1 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:200d2a42-090d-5030-9799-1f70a1613837", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.3.27.tuxcare.1 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f0f18967-3042-5059-8742-823c5886b4a6", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.27.tuxcare.1 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7e6c3cdc-ff75-53b3-bf9a-1e876ce87085", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.27.tuxcare.1 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0e8b465c-4ada-5cca-9dd5-089a6cd6ad9c", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.27.tuxcare.1 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:832090be-a28c-5a79-a32f-d6b013dcc3ca", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-jms 5.3.27.tuxcare.1." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:dad5d16a-e06a-5d54-8e1f-47d969bcc761", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 5.3.27.tuxcare.1 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1c2c97d7-f261-5325-ab9d-d7947d63175e", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.3.27.tuxcare.1 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a48cf611-204f-5636-964a-b01e52ea51b8", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 5.3.27.tuxcare.1 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:03e75735-42c0-5e31-b28a-f9f10db3a1ba", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.27.tuxcare.1 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b6a4aceb-714c-5e53-a5ee-b21c59cccb66", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.27.tuxcare.1 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3f4a9f79-5350-58b6-9a6b-37db3b0498e9", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.3.27.tuxcare.1 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:df8bce70-0e3a-5c4e-8188-dff421232aad", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.27.tuxcare.1 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3ae29784-c478-5c18-8971-e7c268eb4fed", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.27.tuxcare.1 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:897827f3-8e5a-563a-967e-c1c3ac4ab5bb", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.27.tuxcare.1 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f97e64c8-91a9-5ebf-880c-5fe39d85335a", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.27.tuxcare.1 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e0632251-e675-5350-b0bf-fd599a6b62bc", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.27.tuxcare.1 of org.springframework:spring-jms. already_fixed \u2014 The target repository (Spring Framework 5.3.27-tuxcare.5) already contains the fix for CVE-2026-41840. The vulnerability was previously addressed through backport commits for CVE-2026-22740, which applied the identical doOnDiscard cleanup logic to prevent resource exhaustion from multipart request processing." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:89352624-bf83-5917-b80b-d21fc8436c60", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.27.tuxcare.1 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:507097c1-f53e-58e4-9e38-03da2084f318", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.27.tuxcare.1 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:84538669-c37d-549d-bda3-ea4acdf187d9", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.27.tuxcare.1 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a3d4befc-b042-50e4-8902-e390c6503289", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.27.tuxcare.1 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f837c7c5-e361-53f6-a1ce-9b75cab69f56", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.27.tuxcare.1 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:91dc28c4-6996-5d08-b893-1afc3a832276", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.27.tuxcare.1 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:132085da-641c-5ee2-ab4e-b2de8a270808", "id": "CVE-2026-41847", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41847 does not affect version 5.3.27.tuxcare.1 of org.springframework:spring-jms. already_fixed \u2014 The target repository (Spring Framework 5.3.27-tuxcare.5) already contains the fix for CVE-2026-41847. The upstream commit 07ba95739bf4451742e4ee6b4d4b2d0ee5f701bf is present in the current branch, and source code inspection confirms the vulnerability has been patched." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:de2c456a-3847-5937-ab17-1f749765d834", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.27.tuxcare.1 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8b7104ef-b308-52d2-8b35-6a6d332952af", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.27.tuxcare.1 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0917d2da-afcb-5cf9-988d-65ffe663fa21", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.27.tuxcare.1 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:70df750b-1283-5f1e-b84b-7e2791432bf2", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.27.tuxcare.1 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6f702299-fa91-573b-8b04-3eb093072481", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.27.tuxcare.1 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c1a80859-9347-5b1c-8e42-f59378780d57", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.27.tuxcare.1 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:619cb213-037b-50e3-9b00-724384ed1437", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.27.tuxcare.1 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.27.tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.27.tuxcare.1" } ] }