{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:78c068e6-82cc-52d6-a34a-cfb98660a3fd", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-jms@6.1.20-tuxcare.3", "type": "library", "group": "org.springframework", "name": "spring-jms", "version": "6.1.20-tuxcare.3", "purl": "pkg:maven/org.springframework/spring-jms@6.1.20-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:c1b03be6-5be4-52a6-b024-e42535435abb", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 6.1.20-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.20-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:7885620f-3e49-5aaf-b303-0031d36430fd", "id": "CVE-2025-41234", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41234 is fixed in version 6.1.20-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.20-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b3916bf1-ce02-5f98-815f-518f7ac414e5", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 6.1.20-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.20-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:089ca702-13d6-54d4-a0e8-daeb3da1fd98", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 6.1.20-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.20-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c274b3cc-cf31-5706-b36b-5e7a76dc0897", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 6.1.20-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.20-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:edf08bfe-847c-5c27-bb37-d0ffa82a4d50", "id": "CVE-2026-22735", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22735 is fixed in version 6.1.20-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.20-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3b75b0c9-7f67-570b-a5fb-5c581dc98f0b", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 6.1.20-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.20-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:caab9aaa-19de-59ce-b8bf-78f487e94eb1", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 6.1.20-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.20-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b5c45757-91fd-5d9b-9c2d-257e0c19eff6", "id": "CVE-2026-22741", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22741 is fixed in version 6.1.20-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.20-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:33336f84-56e2-559b-ac2f-20247e6e8d6e", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 6.1.20-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.20-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:0e9491bc-dbe7-55f3-aa03-d850f166e19d", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 6.1.20-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.20-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:cfcb3dff-255c-546d-8acd-5feacb7c170f", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 6.1.20-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.20-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f7a0c06d-6b1c-5c24-8fcc-f83bf6f54ea8", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 6.1.20-tuxcare.3 of org.springframework:spring-jms. already_fixed \u2014 Spring Framework 6.1.20-tuxcare.4 already contains both doOnDiscard handlers that prevent the multipart memory leak vulnerability. The fixes were applied via TuxCare backport commit a6b78f2a1c on May 19, 2026 under CVE-2026-22740, which appears to be the same or closely related vulnerability as CVE-2026-41840." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.20-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ff2df0f7-d843-5409-adc1-96b790e4bf66", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 6.1.20-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.20-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:947e0c49-a57b-5817-9743-78e56c9821f6", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 6.1.20-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.20-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:327b5ba3-f431-5fea-ae98-9d6612fc7118", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 6.1.20-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.20-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:be88a458-d928-5ded-afe1-9ab773700d60", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 6.1.20-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.20-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5c1e1a4b-a8a3-5648-b9fb-a13432cf738b", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 6.1.20-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.20-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:717dea2b-61dc-57ab-8040-2f5d64151875", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 6.1.20-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.20-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a9da7afb-dfa8-50d5-bc2d-274d4d90c7bc", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 6.1.20-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.20-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8ac68f2f-7461-5669-a387-f909b8c4d392", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 6.1.20-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.20-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:80333ab4-20b6-5bb0-932c-b72697fbe67c", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 6.1.20-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.20-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3a791993-3b8f-5749-8cca-fd7e8e624434", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 6.1.20-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.20-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:bb1819f7-1c6c-59a3-bd81-92cbbdd73fa3", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 6.1.20-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.20-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b3a6bbb0-b06e-53ab-9c10-c42730e13323", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 6.1.20-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.20-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.20-tuxcare.3" } ] }