{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3e40d018-c8b3-56ad-b7d9-a6e0a83563b7", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-jms@5.3.31.tuxcare", "type": "library", "group": "org.springframework", "name": "spring-jms", "version": "5.3.31.tuxcare", "purl": "pkg:maven/org.springframework/spring-jms@5.3.31.tuxcare" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:956fecef-d576-567a-a217-46add043b0a7", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.31.tuxcare of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:a482dbfc-9d3c-57b1-97de-547cf915eafb", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.31.tuxcare of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:09868e8f-19c6-5c03-af69-69a3f3a1cfa1", "id": "CVE-2024-22259", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22259 affects version 5.3.31.tuxcare of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:5955f7b9-201c-5101-b35d-e5bb383f586a", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.31.tuxcare of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:4e0175b7-10a3-58fc-83dd-7b0b8b383964", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 5.3.31.tuxcare of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:55cea74c-273d-55d0-a5fb-ee90a0d2564e", "id": "CVE-2024-38809", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38809 affects version 5.3.31.tuxcare of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:8bd53205-0fcf-58f9-9fa4-6125a571df53", "id": "CVE-2024-38816", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38816 affects version 5.3.31.tuxcare of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:351dc96d-de54-5a58-a5a3-f2e6643c421b", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.3.31.tuxcare of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:ce5478d2-63df-5a7a-95ef-4ccffc6acd97", "id": "CVE-2024-38820", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38820 affects version 5.3.31.tuxcare of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:573cec51-3e4c-514e-bfea-d62f77203c6a", "id": "CVE-2024-38828", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38828 affects version 5.3.31.tuxcare of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:687d90e5-63f7-5894-b9ad-ccec863afb26", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 5.3.31.tuxcare of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:824170e1-b11b-58ec-a640-0e062514a63b", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-jms 5.3.31.tuxcare." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:18aa53e7-16e0-5bc6-8c26-dc7f412086dc", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 5.3.31.tuxcare of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:616950c5-c3cd-5368-b55c-3f18636841d6", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.3.31.tuxcare of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:f986640b-e9ae-5bec-a447-b590b5f0b07a", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 5.3.31.tuxcare of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:ab3a5a3f-1e1f-506c-a456-3d1ca3f4e6ab", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.31.tuxcare of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:c733109e-7e32-5d6f-9c73-bf35ffafde77", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.31.tuxcare of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:a0844897-fcbd-59e8-b878-ae142fca8394", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.3.31.tuxcare of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:d6c12e7d-440c-5404-be5c-db60109d7462", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.31.tuxcare of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:da331152-af39-51aa-81f6-5fa575093a82", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.31.tuxcare of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:7fb0cb57-1b8f-548e-8168-514e22b96e19", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.31.tuxcare of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:9cfcb897-d9c7-550d-8328-9103dd4e983c", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.31.tuxcare of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:b5cda954-4f65-5aca-8d6b-740ebeea4135", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.31.tuxcare of org.springframework:spring-jms. already_fixed \u2014 The target repository (Spring Framework 5.3.31-tuxcare.3) already contains the complete fix for CVE-2026-41840. Both required doOnDiscard handlers were applied via commit 615477c88f (labeled as CVE-2026-22740 backport) merged on May 4, 2026. The code changes are byte-for-byte identical to the upstream patches." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:ac989c82-881b-5bc8-a8fa-bef4e7f2f64e", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.31.tuxcare of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:a225c683-6c55-5ff8-ac6f-4d17b9d99022", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.31.tuxcare of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:2a095ccb-191a-5e7b-8fb3-babe4d5e83e6", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.31.tuxcare of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:ad7e0679-3a8e-5aa0-a1e6-8a6d9cbbe2e8", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.31.tuxcare of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:bccd15f2-6a79-50d2-b5ce-ae32b8c58f74", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.31.tuxcare of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:6708586b-5e31-52fc-9732-28182258017a", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.31.tuxcare of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:70eeee41-edb5-5b31-9f5a-cec7cb9c06f4", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.31.tuxcare of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:9a6117f7-a5cc-51c8-a79e-34aad6f343f1", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.31.tuxcare of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:8221ac34-27b3-507e-8a63-dba5610901c9", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.31.tuxcare of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:035ebf2f-0563-5cc8-bf7a-581c96784ce1", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.31.tuxcare of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:198cbde0-93af-5a90-9f8a-3ad2f7e13727", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.31.tuxcare of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:534f28ce-8618-5196-8bf2-69e36fae6aea", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.31.tuxcare of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:2151d863-02bb-5448-a910-5b2bfb840ab4", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.31.tuxcare of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:696cd8c5-3e24-5c61-9b4f-06a8245473fd", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.31.tuxcare of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.31.tuxcare" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.31.tuxcare" } ] }