{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:75c7c41b-0d02-5d5b-8313-21027e87aba5", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-jms@5.3.29-tuxcare.1", "type": "library", "group": "org.springframework", "name": "spring-jms", "version": "5.3.29-tuxcare.1", "purl": "pkg:maven/org.springframework/spring-jms@5.3.29-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:7b7e993b-bebc-5cde-aa43-e34b6531bbb2", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.29-tuxcare.1 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:aa0381b2-b1b5-5392-ab33-64b8c96f0d0b", "id": "CVE-2024-22243", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22243 affects version 5.3.29-tuxcare.1 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1e46f78d-5dbb-56a5-b458-dad2846c841e", "id": "CVE-2024-22259", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22259 affects version 5.3.29-tuxcare.1 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9a71cc33-0762-5c2a-9deb-564e1893ae0b", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 5.3.29-tuxcare.1 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7bdbd0dc-dbe8-58a4-804d-35b710b0f6b7", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 5.3.29-tuxcare.1 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7905ca42-9928-56ac-be18-07da5c35bbb6", "id": "CVE-2024-38809", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38809 affects version 5.3.29-tuxcare.1 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:63bdc25b-5a13-5de7-8faa-11d7a89d59ae", "id": "CVE-2024-38816", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38816 affects version 5.3.29-tuxcare.1 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e0f1ec70-1cfa-5828-8f3b-f3fddfd43c35", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.3.29-tuxcare.1 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ce98424e-0a9f-5e32-a131-18654630df74", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.29-tuxcare.1 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a0244d8f-e2c7-5cfb-bfa2-f8ca9e422e8f", "id": "CVE-2024-38828", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38828 affects version 5.3.29-tuxcare.1 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5ede255c-87f8-5e65-aad3-b3a0467ded45", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.29-tuxcare.1 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:94e36d8f-618b-59f7-9a31-54249be4248d", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-jms 5.3.29-tuxcare.1." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:543ba7b5-e031-5b7f-bae6-8d14b65da095", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 5.3.29-tuxcare.1 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:75fcae42-5417-5d85-99e1-b7eeaa5ed2b2", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.3.29-tuxcare.1 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:15ddff07-78c5-599a-b425-581a6c1937a1", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 5.3.29-tuxcare.1 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:86a41679-dcce-51f4-a7b8-b829d753f20e", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.29-tuxcare.1 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9ca106d5-6a2d-503c-9ef8-f8c24c8d85e7", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.29-tuxcare.1 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6fcf967c-99b7-57d3-abb0-f7b8027ce9e1", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.3.29-tuxcare.1 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:84322fe0-657f-51e1-ac72-89d1788d6c1d", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.29-tuxcare.1 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:cbdc0c5a-7ff5-5717-ad47-c2bb25cd1796", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.29-tuxcare.1 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:63a666c8-952f-58d6-b026-735dc366603e", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.29-tuxcare.1 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9634476d-4374-5bca-b4b9-1b365f26e79b", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.29-tuxcare.1 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ca8452c2-a098-584f-8caf-f63f7aed4aa2", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.29-tuxcare.1 of org.springframework:spring-jms. already_fixed \u2014 The target repository (Spring Framework 5.3.29-tuxcare.4) already contains the complete fix for CVE-2026-41840. The fix was applied on 2026-05-19 as part of a TuxCare backport for CVE-2026-22740 (commit bc0026ae70c), which addresses the same multipart request DoS vulnerability with identical code changes." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1d19abec-6d5a-58e3-b118-0f00e9f0720d", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.29-tuxcare.1 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:17abf73f-bddc-5c8c-a35e-a89466a5b227", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.29-tuxcare.1 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:01b02e21-5e40-5ffd-a75a-3162bf40e5a3", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.29-tuxcare.1 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0fdb1a7a-7f15-5128-a805-59e515822d6e", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.29-tuxcare.1 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:09247687-c131-5401-8da1-2323a161cbfd", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.29-tuxcare.1 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e48925f2-8166-5fdb-b21b-0624a764fc3a", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.29-tuxcare.1 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9c3eccf1-8380-5a17-bf4e-26f65bb729b1", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.29-tuxcare.1 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2342d90e-cb10-5129-8ee8-d52df10689e0", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.29-tuxcare.1 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e01318de-c7bc-5dac-a8c1-4f7016eb6f3d", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.29-tuxcare.1 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5652e00a-20fd-5494-aeb3-542a396c90d2", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.29-tuxcare.1 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5ebcc6cf-740e-515b-bd3c-d2f4fe478baa", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.29-tuxcare.1 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1b45c74a-fdc7-5021-863d-85bf5d1c34e0", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.29-tuxcare.1 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f9301c74-0915-54b1-981f-10e9b5061adb", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.29-tuxcare.1 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:32211dfc-8917-5d42-8bfd-aa3d81954268", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.29-tuxcare.1 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.29-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.29-tuxcare.1" } ] }