{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:29d197ee-a61b-5bbc-a242-f8388dbac517", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-jms@5.3.31-tuxcare.3", "type": "library", "group": "org.springframework", "name": "spring-jms", "version": "5.3.31-tuxcare.3", "purl": "pkg:maven/org.springframework/spring-jms@5.3.31-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:d37d97ee-2f45-5c5b-8253-7d491278aee0", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.31-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:fe2d304b-306f-5b01-a3cd-ba5768b8b6a5", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:31a78190-0984-5b3d-aafe-632c2e7b551a", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8a6498a5-2d2c-5b60-b075-b300809d11e8", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a2a0c761-bbc2-55d3-80ae-9e5d7ab08dd7", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b7d21b44-fc74-56d3-9054-5d35f5282e29", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a9c3d69c-affb-5b85-b2a1-087fd7016cac", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2acea686-3db4-5110-bb13-2c753b3d53f6", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1f7b7d40-c6cd-52c4-bcb8-bc6133cfe4c2", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:01d346af-5ee7-5988-aded-e41880106611", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:197b040f-435c-5662-a652-866000bca0a9", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:05d52e0c-79d9-5bd3-9cc2-45dd71a32942", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-jms 5.3.31-tuxcare.3." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4e11980f-be4d-5114-8f80-8afa52872c9d", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d5347310-695a-57a1-8f1b-e55ca5b36fbf", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b849889f-1112-5b4f-a88b-588203fd95dc", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4f32ddf6-ceda-5a58-a494-711d370fea96", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.31-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9f5b88be-ba38-540a-9d08-1d34922d4995", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.31-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:0cc7c48c-6c0a-5635-9b53-9d0ac80235cd", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:60110bf7-6740-55e1-8efa-0ceaa4798413", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.31-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b646006d-2ab0-5fea-a867-33a0a3e0551a", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.31-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:78f8a0fc-18d2-55a6-8761-f2635aec7638", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.31-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c93d10ab-0960-57d9-8fbc-741db47fe739", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.31-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:335eba8b-57c8-5baa-a9ed-573dc422ad49", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.31-tuxcare.3 of org.springframework:spring-jms. already_fixed \u2014 The target repository (Spring Framework 5.3.31-tuxcare.3) already contains the complete fix for CVE-2026-41840. Both required doOnDiscard handlers were applied via commit 615477c88f (labeled as CVE-2026-22740 backport) merged on May 4, 2026. The code changes are byte-for-byte identical to the upstream patches." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3a49de1b-0e29-5862-ad6e-a887d046cc2f", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.31-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a865b8de-0615-5548-941e-d717fb942bee", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.31-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1bcf04cf-9aa5-5f1f-9d63-b9663277d98c", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.31-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:455433f2-cc92-5611-9476-2abf836f8c5d", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.31-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:902bd6a0-1dda-5293-aac2-aadeb79ba0af", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.31-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ab08b4ee-b74d-53e8-b2f9-d363b024e10b", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.31-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:21837ad3-f5e8-5fff-b4e1-1dea9859e70c", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.31-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:75cddc65-8f7c-5cee-a636-4f92849c3a46", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.31-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:bf4b1d02-676a-5559-8afa-ad7332ad5ec3", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.31-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1572078a-f0f2-59d4-956d-b6bd84c05c89", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.31-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:92275664-382d-51a7-a11a-43b4935fc038", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.31-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:7056257a-1049-5704-a9a1-6390a31e22b4", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.31-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:0681eb12-956a-59dd-ab35-37f743474052", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.31-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d3f694a6-6497-5e36-90ea-5bf2c6e35225", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.31-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.31-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.31-tuxcare.3" } ] }