{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:fa12ec80-b8e9-5fed-a3a5-bfccedfb669a", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-jms@6.1.20-tuxcare.1", "type": "library", "group": "org.springframework", "name": "spring-jms", "version": "6.1.20-tuxcare.1", "purl": "pkg:maven/org.springframework/spring-jms@6.1.20-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:6fe98134-5f4a-5f90-80e0-85ef04030027", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 6.1.20-tuxcare.1 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.20-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d3f911c5-b733-5680-89f1-e8db86cd51d0", "id": "CVE-2025-41234", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41234 is fixed in version 6.1.20-tuxcare.1 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.20-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5595556e-d8b2-5886-85a9-a75d5129dbb9", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 6.1.20-tuxcare.1 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.20-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0a3dae17-7e0f-50eb-8a13-6b38594452f7", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 6.1.20-tuxcare.1 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.20-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ebc5e828-82f0-5601-a541-2245b0161354", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 6.1.20-tuxcare.1 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.20-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0474c776-69aa-5dc2-b3b5-67642f4d86df", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 6.1.20-tuxcare.1 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.20-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:052f91e3-c0b2-53c9-99ad-1643a74f6389", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 6.1.20-tuxcare.1 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.20-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:20ffe392-5808-5f57-877c-1d29230e86bb", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 6.1.20-tuxcare.1 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.20-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:33febaf5-7b9d-566a-bf02-84fc4cc3d7fb", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 6.1.20-tuxcare.1 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.20-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ea754236-b840-5997-adc9-ffa44e15af88", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 6.1.20-tuxcare.1 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.20-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:cbea2f23-a182-51e7-a9b2-229709576b46", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 6.1.20-tuxcare.1 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.20-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8cf2a2c7-1e98-5b19-a55b-d9e227641208", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 6.1.20-tuxcare.1 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.20-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:25aa2fe4-948a-5fbe-a384-8efba97f10b2", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 6.1.20-tuxcare.1 of org.springframework:spring-jms. already_fixed \u2014 Spring Framework 6.1.20-tuxcare.4 already contains both doOnDiscard handlers that prevent the multipart memory leak vulnerability. The fixes were applied via TuxCare backport commit a6b78f2a1c on May 19, 2026 under CVE-2026-22740, which appears to be the same or closely related vulnerability as CVE-2026-41840." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.20-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7fb55c27-3731-51c6-8dc0-de9231bd96ac", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 6.1.20-tuxcare.1 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.20-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2c18d8a2-8856-532f-9f71-a0ae59e9ca64", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 6.1.20-tuxcare.1 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.20-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:270e6dc5-008d-56d5-8d85-4dc519285a5a", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 6.1.20-tuxcare.1 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.20-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:df5f025e-0b48-5c5c-b92c-87ab00c9c9ea", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 6.1.20-tuxcare.1 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.20-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2a7b59c6-76ad-5d8a-b662-ce5910932f48", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 6.1.20-tuxcare.1 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.20-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:746b4b5d-51de-52e0-af83-4c6895ee064b", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 6.1.20-tuxcare.1 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.20-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b0baa430-dc25-5335-9f59-43b19f51ae7c", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 6.1.20-tuxcare.1 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.20-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:47c60469-a521-58e1-bda2-951a8be62d68", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 6.1.20-tuxcare.1 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.20-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:96d0466d-bf6c-5284-95d0-7ef45dae13df", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 6.1.20-tuxcare.1 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.20-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:005f9171-d21e-5010-b20c-e77fc2cf2393", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 6.1.20-tuxcare.1 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.20-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:56072234-9e5d-53fc-8ad0-360a454088be", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 6.1.20-tuxcare.1 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.20-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ebee3252-9c87-5334-befa-4f2d10d951ce", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 6.1.20-tuxcare.1 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.20-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.20-tuxcare.1" } ] }