{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:7819cd02-160d-5611-8c12-cb4f7041e857", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-jms@6.1.20-tuxcare.4", "type": "library", "group": "org.springframework", "name": "spring-jms", "version": "6.1.20-tuxcare.4", "purl": "pkg:maven/org.springframework/spring-jms@6.1.20-tuxcare.4" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:1291c799-cf21-505c-b0df-ade941ee326f", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 6.1.20-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.20-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:325a1162-2b14-5b0a-b06b-60c79c55c893", "id": "CVE-2025-41234", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41234 is fixed in version 6.1.20-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.20-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d7697882-8de1-56bc-b081-c968b0f3d5c5", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 6.1.20-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.20-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:8aa17eaf-f1d7-534e-8e29-ab9b2046b34b", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 6.1.20-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.20-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c533da60-5824-5bdc-8664-8224a9053dcf", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 6.1.20-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.20-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:34d8c0ae-0e1a-51f5-a34c-68b354d9ea41", "id": "CVE-2026-22735", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22735 is fixed in version 6.1.20-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.20-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:3dbca4ec-a44e-5630-9ee9-a8a31d6dc80a", "id": "CVE-2026-22737", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22737 is fixed in version 6.1.20-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.20-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:2e8252cb-ded3-5bc5-bf44-53c029ba34ed", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 6.1.20-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.20-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:2bac934a-5972-520d-9736-77b470b7b03f", "id": "CVE-2026-22741", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22741 is fixed in version 6.1.20-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.20-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:1054ac2f-2355-5fc5-9199-8257b87e148c", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 6.1.20-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.20-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:71ca053e-e27e-5afb-a758-82d2240de8a6", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 6.1.20-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.20-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a1af0e33-6f10-5b7c-a3eb-0c8216fdd8a7", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 6.1.20-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.20-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:2ed3195e-6225-5b35-b8f0-433063d81ab0", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 6.1.20-tuxcare.4 of org.springframework:spring-jms. already_fixed \u2014 Spring Framework 6.1.20-tuxcare.4 already contains both doOnDiscard handlers that prevent the multipart memory leak vulnerability. The fixes were applied via TuxCare backport commit a6b78f2a1c on May 19, 2026 under CVE-2026-22740, which appears to be the same or closely related vulnerability as CVE-2026-41840." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.20-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:db2532c8-9e25-5bec-956f-f3c2c358161b", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 6.1.20-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.20-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:3c2374dd-e862-5764-8ff8-2ece7d666dd0", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 6.1.20-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.20-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:7807d0e4-3735-5546-a708-83a866301078", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 6.1.20-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.20-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:6c6acea3-e3f2-5352-8201-41acff85951b", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 6.1.20-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.20-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e4b902e8-10a4-5289-a360-d3e4ea250ae5", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 6.1.20-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.20-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:0869bc6a-9b08-5a83-934c-674d97f5f5e5", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 6.1.20-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.20-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:38329d6a-4264-5ab7-9bfc-fd9b4eb9d74f", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 6.1.20-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.20-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e7d581ea-47e1-5331-a97b-7fc7bb33c983", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 6.1.20-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.20-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c6d1140b-3b7a-5e87-85c2-ab0242e2775a", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 6.1.20-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.20-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:6b87953a-0afa-5351-927f-2757790d8881", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 6.1.20-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.20-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:903f2df7-01f6-53be-bd43-4bc9a2bc0bbc", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 6.1.20-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.20-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:4bb65c55-3208-5c32-a885-4479542b9b7b", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 6.1.20-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.20-tuxcare.4" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.20-tuxcare.4" } ] }