{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:10798640-f77e-570a-a4c3-9f46cedb4fc3", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-jms@6.1.21-tuxcare.4", "type": "library", "group": "org.springframework", "name": "spring-jms", "version": "6.1.21-tuxcare.4", "purl": "pkg:maven/org.springframework/spring-jms@6.1.21-tuxcare.4" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:43d92c7b-56f7-5336-9e4c-fc6b45ec299a", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 6.1.21-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a0a1bdbc-ef98-5088-94d7-72efdd9bdb40", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 6.1.21-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:32a6c469-51bc-5257-9909-158e98697dbb", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 6.1.21-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d14813b6-e8c7-559b-aaa3-c226d97acac3", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 6.1.21-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:6cf3c2a7-9c5b-5070-922c-eb85d50ced82", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 6.1.21-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b30b5da5-942a-5c63-8728-b871e2b836c5", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 6.1.21-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:403348fb-a352-5775-ae19-1c2f882c76c7", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 6.1.21-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:5c1e8cd8-849f-5581-afac-c4269e945b40", "id": "CVE-2026-22741", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22741 is fixed in version 6.1.21-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a39959ab-e5a6-59f3-a0f7-86ca6f89704a", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 6.1.21-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:fc0565e0-edb8-59df-a226-e55df3b447d2", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 6.1.21-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ea4363b7-0f94-575b-b5ae-f4005680baaa", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 6.1.21-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:3c0c170a-fdf4-5916-b6f4-33e45c0c67d4", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 6.1.21-tuxcare.4 of org.springframework:spring-jms. already_fixed \u2014 The target repository (Spring Framework 6.1.21-tuxcare.6) already contains both upstream patches that address CVE-2026-41840. The fixes were previously applied as part of TuxCare backports for CVE-2026-22740 (commit d8aa04a97f, 2026-06-08) and memory leak fixes (commit e7c90921fd, 2026-04-29). Both doOnDiscard handlers are present in the current code, preventing resource exhaustion from multipa..." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:fccc17ec-960e-5778-bdf7-d718fc3d16df", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 6.1.21-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e4deae64-96bd-50d7-be62-352cf4b27677", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 6.1.21-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:39327f79-297e-5f7f-9108-f842bca1e797", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 6.1.21-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:765d5d05-3558-5894-b742-6cd4a73c9a1d", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 6.1.21-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:6e3036f9-bbed-5945-a80e-dae19d2728f0", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 6.1.21-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:070b0589-62e5-5bb5-99bf-7ee606d80a5f", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 6.1.21-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:8db23bc4-6afb-507d-a29b-809b2164a3b0", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 6.1.21-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:5bcde7cf-9921-5d1f-8ca7-d6bee939a277", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 6.1.21-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:be32af24-10c8-5cd6-b7fc-810176e36b60", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 6.1.21-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:de136076-7ec0-5d03-818b-a4b490bec005", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 6.1.21-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:87c6a2b3-2520-50a5-8bb0-b44087f64b88", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 6.1.21-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.21-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ea3a4234-79dd-568b-981b-01c26ae53048", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 6.1.21-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.21-tuxcare.4" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.21-tuxcare.4" } ] }