{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:d5df3dc9-2a97-59f7-bb42-43fc4afa5975", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-jms@5.3.39-tuxcare.11", "type": "library", "group": "org.springframework", "name": "spring-jms", "version": "5.3.39-tuxcare.11", "purl": "pkg:maven/org.springframework/spring-jms@5.3.39-tuxcare.11" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:a9215b44-81ad-5351-be4e-f04b4d33c303", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.39-tuxcare.11 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:de32faff-bd3d-5b8a-acd9-02f68155d8b3", "id": "CVE-2022-22968", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2022-22968 does not affect version 5.3.39-tuxcare.11 of org.springframework:spring-jms. Spring version 5.3.39 is not affected to CVE-2022-22968 as fix has been already already backported by the original developers" }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:d239b1be-596a-516e-8708-62fe41e119d9", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.39-tuxcare.11 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:2a8208b3-38e1-592c-a903-334108667974", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.39-tuxcare.11 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:f50192e1-1c97-581f-a4e6-e07428de689c", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.39-tuxcare.11 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:cdfa7d46-7810-563a-877f-5cee58698bc4", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.39-tuxcare.11 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:da859647-81e8-58c5-a4ad-22c7dfb4df0c", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.39-tuxcare.11 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:82991c91-e5c2-59a7-83f6-551602ac92cf", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-jms 5.3.39-tuxcare.11." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:9ef52dbf-fd69-54ad-bdc3-4a41c9eae19b", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.39-tuxcare.11 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:30115003-15ee-5f00-bbad-fb098748c5dc", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.39-tuxcare.11 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:8dfcf4b5-08a1-5b6f-b214-be442a1a6a86", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.39-tuxcare.11 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:60b563ea-0e8c-564a-9172-71a2b7ffc7e6", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.39-tuxcare.11 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:a3973a83-0339-5d90-bfda-be382fef8183", "id": "CVE-2026-22737", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22737 is fixed in version 5.3.39-tuxcare.11 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:28910df7-853f-5769-9736-c7d440dcaf94", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.39-tuxcare.11 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:9e3cb342-f458-5e34-a53c-a25376f035af", "id": "CVE-2026-22741", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22741 is fixed in version 5.3.39-tuxcare.11 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:ceba83c4-1210-5933-9266-b0a32c412282", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 5.3.39-tuxcare.11 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:061e0550-65d5-5952-9d02-a45ebe0ae8ce", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.39-tuxcare.11 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:6865a1c6-58b5-5d73-a687-55e9e39de920", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.39-tuxcare.11 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:74243b5f-9ca6-58fa-b1fa-c402cefeff63", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.39-tuxcare.11 of org.springframework:spring-jms. already_fixed \u2014 The target Spring Framework 5.3.39-tuxcare.12 already contains both vendor fixes for CVE-2026-41840. The fixes were backported via commit 4ef4cdca34 (May 13, 2026) under CVE-2026-22740, but the code changes are identical to the upstream patches. Both doOnDiscard handlers are present and active in PartGenerator.java and MultipartHttpMessageReader.java, preventing memory exhaustion from unrelease..." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:9622f336-a799-549e-9673-ac7cddc84a2c", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.39-tuxcare.11 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:a50eb95d-e553-57e5-b2c8-fa8587e6e82f", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.39-tuxcare.11 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:06f53800-a4ac-554f-8544-82fa07f7c8c8", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.39-tuxcare.11 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:65f9ea3e-115c-5805-9fb7-e06e4362e113", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.39-tuxcare.11 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:be89e740-a649-5586-b82c-f12b1d4ed4b1", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.39-tuxcare.11 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:a0d0a078-9684-5c6d-8e43-993db13337bf", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.39-tuxcare.11 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:db512056-a258-5b24-8d94-ecc9d84311ec", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.39-tuxcare.11 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:7fafb8b6-b1d1-5127-ac19-0b3211571be7", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.39-tuxcare.11 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:dcfeae5d-5acf-52d9-94d4-275a5121a793", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.39-tuxcare.11 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:cabbbdda-aabf-522b-818f-c6cb33ef1776", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.39-tuxcare.11 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:a6ada4b4-2167-5a82-a6e3-3095aa00497b", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.39-tuxcare.11 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:37755199-9a21-5512-bd4d-c5ccd9e825a7", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.39-tuxcare.11 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:6587bf08-d31a-5575-b38a-0cb961f417d9", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.39-tuxcare.11 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:920b81dd-8b66-5418-89ea-46d24a68a39f", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.39-tuxcare.11 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.39-tuxcare.11" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.39-tuxcare.11" } ] }