{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:bb20da99-01f2-520e-9780-42458ab385f3", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-jms@5.3.29-tuxcare.4", "type": "library", "group": "org.springframework", "name": "spring-jms", "version": "5.3.29-tuxcare.4", "purl": "pkg:maven/org.springframework/spring-jms@5.3.29-tuxcare.4" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:f7b70a5a-4f4b-54d0-b9fc-4ff9240fccc2", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.29-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b65f85ae-305d-51aa-b03f-1c4f182bf005", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.29-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:bc3e8cbd-c829-5e85-ba5f-5210bf235bd0", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.29-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:7acd2015-4391-50c0-b67b-31b8372bf2bc", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.29-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:df8475c0-3d7b-565c-8707-0ea021a1b7f8", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.29-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:3c6c290e-164a-5033-9435-61907cbf01ab", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.29-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:de5febea-d2e9-5241-b573-8b75d309b4f1", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.29-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:3b3ae392-7409-5c04-bac3-7f974053038f", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.29-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:013f445a-9cd0-502e-937d-1771836f5d61", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.29-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:7c90e718-ac91-5e32-b881-4178f380e9e3", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.29-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:8b63c1d5-050f-50d3-ae07-3c124383a70d", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.29-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e5b183b0-6a97-520a-8dd4-67d68b45a9e6", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-jms 5.3.29-tuxcare.4." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b5acd372-b2ff-502a-bf54-510c719eb6b3", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.29-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:2f63de75-e3de-501a-bd96-46c84a2aa377", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.29-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e93c8bd3-ea1e-5702-8f8c-706a34943fee", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.29-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e1b37d8d-b7c1-519a-bc6f-dfee3f0d550a", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.29-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:9387eafa-7125-5237-a47f-b38735697662", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.29-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:596d588a-ed7d-58b8-b7db-3aa892c6ef72", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.29-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:16d17475-b8de-5d8c-b102-d702fc6f6fc9", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.29-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c673fd21-2884-56e4-be1a-b225ad07a79d", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.29-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:372ffa2f-b242-511c-9af5-b5c496a42189", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.29-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:5a8b3afb-3491-57c3-80bd-9dab9294a257", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.29-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e8c4e126-84bd-5e8b-ac1b-d195880e64f4", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.29-tuxcare.4 of org.springframework:spring-jms. already_fixed \u2014 The target repository (Spring Framework 5.3.29-tuxcare.4) already contains the complete fix for CVE-2026-41840. The fix was applied on 2026-05-19 as part of a TuxCare backport for CVE-2026-22740 (commit bc0026ae70c), which addresses the same multipart request DoS vulnerability with identical code changes." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:55f4fcdd-7d88-5440-89e9-90ef0c6ede66", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.29-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d5d9db5f-1c31-5045-adbb-43ed6b745234", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.29-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:dbace30f-bdf2-52e6-907a-cb8ae408833f", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.29-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e6e3fffe-d78c-56cf-996e-b71ea3349ba1", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.29-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:dc6d2838-84e6-5d76-a846-7079802961cd", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.29-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:3b044467-a525-5888-85f4-8a89a2b68f1c", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.29-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:2a7b6114-7745-5287-8126-6ee602a257a8", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.29-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:268e9c0b-8560-5af2-ba23-dc1ad0cabf31", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.29-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:9361f39a-dfb9-5b3e-b266-52bccc57ddc5", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.29-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:958c3943-6e7c-549e-b452-501c7183ad60", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.29-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:01c69407-426e-5eda-a0df-b488e920a0c1", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.29-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:8f2d0f32-b9ef-5c11-b855-4b3faf927c18", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.29-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:afe03c56-da2a-5c52-ba2a-b1ab2f1f9982", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.29-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:5877cbe8-298e-5e82-8b0b-0968fae57efb", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.29-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.29-tuxcare.4" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.29-tuxcare.4" } ] }