{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:1e928b90-074c-5585-8db6-cad62168720d", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-jms@6.1.20-tuxcare.2", "type": "library", "group": "org.springframework", "name": "spring-jms", "version": "6.1.20-tuxcare.2", "purl": "pkg:maven/org.springframework/spring-jms@6.1.20-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:96c5da43-c0fc-5542-a574-e9a3dd45ff40", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 6.1.20-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.20-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:aa84e23b-8d17-5b93-b10a-31657fb704cd", "id": "CVE-2025-41234", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41234 is fixed in version 6.1.20-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.20-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c7e358d0-4616-5491-ad77-7c410a59d96e", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 6.1.20-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.20-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:bbed437c-8b6e-562c-bc7a-ed372a9dc77b", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 6.1.20-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.20-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:cea6b4a3-c875-54ac-9f6a-b62335b66e7e", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 6.1.20-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.20-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:12759fa2-09c4-5125-a3e0-cc0adc9cb6e6", "id": "CVE-2026-22735", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22735 is fixed in version 6.1.20-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.20-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7ee4ab7b-c885-5b23-ba84-3170b9d968b2", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 6.1.20-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.20-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:aaa06b3e-d91e-5259-ad36-24617e763977", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 6.1.20-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.20-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e68a7300-0d13-5900-baa6-521c21a9c2f4", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 6.1.20-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.20-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ee41552c-a472-5bc0-99c3-4d5b89764a92", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 6.1.20-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.20-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0ec8ac61-d53e-5f98-b135-a60e47242210", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 6.1.20-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.20-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ebca9f27-cc16-566a-89ef-675649a0aca0", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 6.1.20-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.20-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:090ff2b4-937d-5266-b826-655c98fe31e0", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 6.1.20-tuxcare.2 of org.springframework:spring-jms. already_fixed \u2014 Spring Framework 6.1.20-tuxcare.4 already contains both doOnDiscard handlers that prevent the multipart memory leak vulnerability. The fixes were applied via TuxCare backport commit a6b78f2a1c on May 19, 2026 under CVE-2026-22740, which appears to be the same or closely related vulnerability as CVE-2026-41840." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.20-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ec954203-2c27-5236-8467-258336eba4a2", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 6.1.20-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.20-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c565e0f5-040d-54eb-9d3a-89be7e9e075a", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 6.1.20-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.20-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:838b05ca-a117-5fe6-adce-6f3c9c190da6", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 6.1.20-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.20-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:73c89438-4017-5e94-9ead-a63fc189233c", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 6.1.20-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.20-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:781f2e6a-a556-5988-b2e9-d2832b459a31", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 6.1.20-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.20-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d5c88186-8b5b-5211-aa42-5ed059e1d6f5", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 6.1.20-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.20-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2b8da799-025c-51d4-adac-3187bd4538e9", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 6.1.20-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.20-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:038df3bf-3a94-541f-a688-5e6e20254968", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 6.1.20-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.20-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:faf2be77-e61a-5243-a0d4-fdbe1b6bf25b", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 6.1.20-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.20-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2cca6f90-6d0a-5414-9d68-a1fa57760880", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 6.1.20-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.20-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ee5f2be0-0906-5b64-8312-fe317e1562e0", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 6.1.20-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.20-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2d280c44-6dcb-5cd4-88bb-61fa8fb06e3a", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 6.1.20-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.20-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.20-tuxcare.2" } ] }