{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:8096af07-50c5-5e62-92fa-d2e17ee5baca", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-jms@5.3.39.tuxcare.1", "type": "library", "group": "org.springframework", "name": "spring-jms", "version": "5.3.39.tuxcare.1", "purl": "pkg:maven/org.springframework/spring-jms@5.3.39.tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:f9ecc985-3fdc-558c-9dd6-bf4dd68d747d", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.39.tuxcare.1 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e6acf045-478a-5d56-8d52-cf33bc185ea3", "id": "CVE-2022-22968", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2022-22968 does not affect version 5.3.39.tuxcare.1 of org.springframework:spring-jms. Spring version 5.3.39 is not affected to CVE-2022-22968 as fix has been already already backported by the original developers" }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:268d2649-2c63-56ab-936b-db0682a4767e", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.39.tuxcare.1 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:849af310-6921-597d-bc76-0b15c6da3983", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.3.39.tuxcare.1 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1451a3c1-335f-5576-8070-55746a7c5454", "id": "CVE-2024-38820", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38820 affects version 5.3.39.tuxcare.1 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:bd5bf08f-15c6-5674-84bd-5e840418c1bc", "id": "CVE-2024-38828", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38828 affects version 5.3.39.tuxcare.1 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2cdde7ab-0ec9-5e67-9222-bede1dc119ba", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 5.3.39.tuxcare.1 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:95e80a41-4946-59e1-b750-5a51467cce4f", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-jms 5.3.39.tuxcare.1." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0e14b590-4e3a-5ec4-95ef-00e3d972bf27", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 5.3.39.tuxcare.1 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:757584f3-2cbb-5323-affb-61570225e076", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.3.39.tuxcare.1 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:135244a6-f875-5927-bb39-ff08d4aa9661", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 5.3.39.tuxcare.1 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8db892e9-a1e3-5b10-96c9-7c4cf14258a4", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.39.tuxcare.1 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d2aba865-1a69-5027-b212-ce1ed79aae45", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.39.tuxcare.1 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f0a9ebd1-d234-547d-8453-a0c91095bf33", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.3.39.tuxcare.1 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:56e04ba5-32c8-537b-893b-c87b51738043", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.39.tuxcare.1 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7f308610-9b06-5db1-bd33-fcce716d96d8", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.39.tuxcare.1 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:15dc80ae-1f57-54c8-9e49-d71906f91569", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.39.tuxcare.1 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:dda2f71b-7bca-5eea-9954-58aa28484b2a", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.39.tuxcare.1 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:02a15c72-d76c-59e1-afae-a5167dfae174", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.39.tuxcare.1 of org.springframework:spring-jms. already_fixed \u2014 The target Spring Framework 5.3.39-tuxcare.12 already contains both vendor fixes for CVE-2026-41840. The fixes were backported via commit 4ef4cdca34 (May 13, 2026) under CVE-2026-22740, but the code changes are identical to the upstream patches. Both doOnDiscard handlers are present and active in PartGenerator.java and MultipartHttpMessageReader.java, preventing memory exhaustion from unrelease..." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d062ba4f-d678-5771-b0f0-7aad058854ab", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.39.tuxcare.1 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b4212a2a-2590-5363-a583-14b68bdd0a57", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.39.tuxcare.1 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2119f846-4920-5bab-9c92-d45e913c4d20", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.39.tuxcare.1 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:caefdc68-1e27-50e6-b95f-d142c01102a7", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.39.tuxcare.1 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:28ed50dd-eb1b-5312-9daf-ce09519a3977", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.39.tuxcare.1 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7ac91af3-7514-562b-a0cc-c9232925b1eb", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.39.tuxcare.1 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:81f6f7fb-971d-560b-be43-4667b949a138", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.39.tuxcare.1 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:326d87ad-9b44-5840-8cc9-5849e5e3a017", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.39.tuxcare.1 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:baba38b9-5fb1-5bd4-bcf1-d434b29ea014", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.39.tuxcare.1 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3688c48c-b714-55c9-bdf5-9b2fef203546", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.39.tuxcare.1 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ba41f78e-33a8-54a5-9c4b-3c1dd3c7469e", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.39.tuxcare.1 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a4e08d12-ff03-53ad-9b06-06b12e2380db", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.39.tuxcare.1 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a6af0a6e-a14b-5cbe-a41d-3276d85ae20e", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.39.tuxcare.1 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.39.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7d1fcf09-8a4f-5280-9ad1-9278081e8ec5", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.39.tuxcare.1 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.39.tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.39.tuxcare.1" } ] }