{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:acab1d16-e3c2-5238-aeed-bdb2ceddb0f6", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-jms@5.3.39-tuxcare.8", "type": "library", "group": "org.springframework", "name": "spring-jms", "version": "5.3.39-tuxcare.8", "purl": "pkg:maven/org.springframework/spring-jms@5.3.39-tuxcare.8" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:3f5a01c3-01e6-5da2-a626-43428a32c6f5", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.39-tuxcare.8 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.39-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:737538ed-d1f4-54dc-9894-22b2dc2a5bef", "id": "CVE-2022-22968", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2022-22968 does not affect version 5.3.39-tuxcare.8 of org.springframework:spring-jms. Spring version 5.3.39 is not affected to CVE-2022-22968 as fix has been already already backported by the original developers" }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.39-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:7728ea2a-aace-554c-858b-b56ad49e4b37", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.39-tuxcare.8 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.39-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:e9ac126e-a93d-5bbc-946a-338c9affa1aa", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.39-tuxcare.8 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.39-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:d1c84fb3-e211-582f-a561-575ea9bedb7a", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.39-tuxcare.8 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.39-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:f7878f51-c6f4-5265-99b8-e6d665d33132", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.39-tuxcare.8 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.39-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:e6d498da-1a3f-5e28-b704-12d2ed55ce82", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.39-tuxcare.8 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.39-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:5533c2dd-1307-515c-9392-b2a53f198657", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-jms 5.3.39-tuxcare.8." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.39-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:5e6ec949-7e9a-5a44-bd95-491628108ab4", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.39-tuxcare.8 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.39-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:39bd1061-5ffd-59ef-b576-beecae4e6ba0", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.39-tuxcare.8 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.39-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:c9fb0684-641f-5acd-886e-b9acb7432409", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 5.3.39-tuxcare.8 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.39-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:f44cd8f6-e6db-5a08-af06-12e8da7f125e", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.39-tuxcare.8 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.39-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:85ef266d-c595-5c99-9d06-65d0b95056cb", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.39-tuxcare.8 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.39-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:7e654967-31a3-544d-ace4-254cf624b30f", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.3.39-tuxcare.8 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.39-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:fe139511-9be6-5ae0-9ae7-3bfafadb886c", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.39-tuxcare.8 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.39-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:ff5294d7-f793-582d-86d7-ebb44dfd7623", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.39-tuxcare.8 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.39-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:c4a5e992-f2f0-58df-840e-5bdd1a1d35ec", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.39-tuxcare.8 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.39-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:e30cb049-62ee-5a5e-9361-ce87f469c861", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.39-tuxcare.8 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.39-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:8b4f2287-1bde-5219-a42a-c19b4e44557b", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.39-tuxcare.8 of org.springframework:spring-jms. already_fixed \u2014 The target Spring Framework 5.3.39-tuxcare.12 already contains both vendor fixes for CVE-2026-41840. The fixes were backported via commit 4ef4cdca34 (May 13, 2026) under CVE-2026-22740, but the code changes are identical to the upstream patches. Both doOnDiscard handlers are present and active in PartGenerator.java and MultipartHttpMessageReader.java, preventing memory exhaustion from unrelease..." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.39-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:9edc3a88-e307-526f-a4e6-24f7fc709e34", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.39-tuxcare.8 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.39-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:d40a10f6-b58a-51f8-b2f9-5240b31db872", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.39-tuxcare.8 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.39-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:57fd1c2d-42ef-531b-855e-e70eb0f3621e", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.39-tuxcare.8 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.39-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:d1cb9e92-ad60-59bc-a070-94826099f234", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.39-tuxcare.8 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.39-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:9ed2689c-2394-578c-a508-181584608547", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.39-tuxcare.8 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.39-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:dafd13e7-fd32-5f65-b6ce-e33cfa1eab87", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.39-tuxcare.8 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.39-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:0273140a-da37-506c-8326-51ec640deffb", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.39-tuxcare.8 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.39-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:070319a8-8472-52f2-92a3-f7218313ba70", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.39-tuxcare.8 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.39-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:8dfbb6c2-e656-5569-a010-ea81e462a43e", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.39-tuxcare.8 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.39-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:2afb7702-516e-500f-81e0-e094da55b4f6", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.39-tuxcare.8 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.39-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:1a4bd87f-23fc-50e8-bd00-be02ea1c56f4", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.39-tuxcare.8 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.39-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:505605b4-41aa-5958-835c-05d75ec21d5a", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.39-tuxcare.8 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.39-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:63d6a4da-e165-5855-ac6a-9b51b0612213", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.39-tuxcare.8 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.39-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:2bceea06-10e7-5d4b-9d28-f57a5d896fa1", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.39-tuxcare.8 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.39-tuxcare.8" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.39-tuxcare.8" } ] }