{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:df8ffc0d-92d3-564d-85c2-cdf0d088fac9", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-jms@5.3.39.tuxcare.6", "type": "library", "group": "org.springframework", "name": "spring-jms", "version": "5.3.39.tuxcare.6", "purl": "pkg:maven/org.springframework/spring-jms@5.3.39.tuxcare.6" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:ec1d81a0-6475-5ad1-bc96-a81817eadfa7", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.39.tuxcare.6 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.39.tuxcare.6" } ] }, { "bom-ref": "urn:uuid:8af30cd5-69db-5d0c-adf6-e019f6d45d8d", "id": "CVE-2022-22968", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2022-22968 does not affect version 5.3.39.tuxcare.6 of org.springframework:spring-jms. Spring version 5.3.39 is not affected to CVE-2022-22968 as fix has been already already backported by the original developers" }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.39.tuxcare.6" } ] }, { "bom-ref": "urn:uuid:3dd78ee8-066d-581e-8e85-6b0e864c4ac0", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.39.tuxcare.6 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.39.tuxcare.6" } ] }, { "bom-ref": "urn:uuid:a9c71933-5a3c-5a6f-ad93-5dc01fb89079", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.39.tuxcare.6 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.39.tuxcare.6" } ] }, { "bom-ref": "urn:uuid:7d383216-af49-554b-be5a-204556d49614", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.39.tuxcare.6 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.39.tuxcare.6" } ] }, { "bom-ref": "urn:uuid:6ce7d12c-c68c-5928-b847-f541882de69b", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.39.tuxcare.6 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.39.tuxcare.6" } ] }, { "bom-ref": "urn:uuid:b4fe3827-cafa-5da5-a85f-3eb2763c9eda", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.39.tuxcare.6 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.39.tuxcare.6" } ] }, { "bom-ref": "urn:uuid:74262f33-2705-5b45-8e40-54f34ba8f493", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-jms 5.3.39.tuxcare.6." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.39.tuxcare.6" } ] }, { "bom-ref": "urn:uuid:673471b9-90af-5693-8ba7-3551c82f4968", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 5.3.39.tuxcare.6 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.39.tuxcare.6" } ] }, { "bom-ref": "urn:uuid:419fbcc8-e703-5a07-b002-51e0eb13fccd", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.3.39.tuxcare.6 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.39.tuxcare.6" } ] }, { "bom-ref": "urn:uuid:644a84d8-7a10-5989-846c-ff3dc8dfca24", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 5.3.39.tuxcare.6 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.39.tuxcare.6" } ] }, { "bom-ref": "urn:uuid:82b0d0d3-9a1c-5c69-a9fa-2cb5d8a5771f", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.39.tuxcare.6 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.39.tuxcare.6" } ] }, { "bom-ref": "urn:uuid:3175246c-8270-5ea4-8072-ebce31317bb3", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.39.tuxcare.6 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.39.tuxcare.6" } ] }, { "bom-ref": "urn:uuid:1fdc8010-6fa0-5210-b2dc-276e3877df90", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.3.39.tuxcare.6 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.39.tuxcare.6" } ] }, { "bom-ref": "urn:uuid:38b1bbc4-6b3c-51c0-ba65-3c845e1f864d", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.39.tuxcare.6 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.39.tuxcare.6" } ] }, { "bom-ref": "urn:uuid:6aed4bef-affb-5727-92c4-1344edb4b709", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.39.tuxcare.6 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.39.tuxcare.6" } ] }, { "bom-ref": "urn:uuid:29e29951-9c7c-5a5c-b628-5641d2c18f1b", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.39.tuxcare.6 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.39.tuxcare.6" } ] }, { "bom-ref": "urn:uuid:7b12b169-abf8-549e-9283-bd9d959fbcaa", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.39.tuxcare.6 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.39.tuxcare.6" } ] }, { "bom-ref": "urn:uuid:e5021ca8-89bd-530d-9b71-72dca2ffa472", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.39.tuxcare.6 of org.springframework:spring-jms. already_fixed \u2014 The target Spring Framework 5.3.39-tuxcare.12 already contains both vendor fixes for CVE-2026-41840. The fixes were backported via commit 4ef4cdca34 (May 13, 2026) under CVE-2026-22740, but the code changes are identical to the upstream patches. Both doOnDiscard handlers are present and active in PartGenerator.java and MultipartHttpMessageReader.java, preventing memory exhaustion from unrelease..." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.39.tuxcare.6" } ] }, { "bom-ref": "urn:uuid:c61fb033-3bde-58d6-b641-ef732b04d8c4", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.39.tuxcare.6 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.39.tuxcare.6" } ] }, { "bom-ref": "urn:uuid:f091d2cc-ebf1-5fb0-8333-42857155c416", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.39.tuxcare.6 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.39.tuxcare.6" } ] }, { "bom-ref": "urn:uuid:164a835e-219a-5e96-8a47-788b3f0f9a59", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.39.tuxcare.6 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.39.tuxcare.6" } ] }, { "bom-ref": "urn:uuid:04819dcb-59f9-58c6-a472-56495fb748fd", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.39.tuxcare.6 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.39.tuxcare.6" } ] }, { "bom-ref": "urn:uuid:23fd85a4-4a2b-5537-bf66-70aa423eb6fa", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.39.tuxcare.6 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.39.tuxcare.6" } ] }, { "bom-ref": "urn:uuid:449c1221-f784-5a99-b7d5-29b0a825b19a", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.39.tuxcare.6 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.39.tuxcare.6" } ] }, { "bom-ref": "urn:uuid:51e614f6-fe0c-54af-8309-3e69bda4fbeb", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.39.tuxcare.6 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.39.tuxcare.6" } ] }, { "bom-ref": "urn:uuid:efe3c989-00f1-504f-a5ee-28245ab3d9c7", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.39.tuxcare.6 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.39.tuxcare.6" } ] }, { "bom-ref": "urn:uuid:8516edd2-4f74-59e8-ad79-d00e11a17ecd", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.39.tuxcare.6 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.39.tuxcare.6" } ] }, { "bom-ref": "urn:uuid:a75d5aa6-a3c7-5bf3-9f76-9ad504c7a244", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.39.tuxcare.6 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.39.tuxcare.6" } ] }, { "bom-ref": "urn:uuid:336f2007-db12-5915-8790-6d2b353ced9c", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.39.tuxcare.6 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.39.tuxcare.6" } ] }, { "bom-ref": "urn:uuid:aa75bfba-ef25-5342-9edd-88a00242836f", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.39.tuxcare.6 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.39.tuxcare.6" } ] }, { "bom-ref": "urn:uuid:e1e5c76b-40b6-5e29-880a-9feede9f0090", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.39.tuxcare.6 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.39.tuxcare.6" } ] }, { "bom-ref": "urn:uuid:503840c2-6b54-55cd-9f46-c42b23334d51", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.39.tuxcare.6 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.39.tuxcare.6" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.39.tuxcare.6" } ] }