{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:b22a0b08-05b0-5ff6-9ce3-a8c660fa26f5", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-messaging@4.1.7.RELEASE-tuxcare.2", "type": "library", "group": "org.springframework", "name": "spring-messaging", "version": "4.1.7.RELEASE-tuxcare.2", "purl": "pkg:maven/org.springframework/spring-messaging@4.1.7.RELEASE-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:0fcdda55-ad7a-5c78-9350-7e442eb3ac2b", "id": "CVE-2015-5211", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2015-5211 is fixed in version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f0d6ffbf-e216-5582-b320-72079f6d2c4c", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1c8f66a8-0d25-5abb-b353-13fa149d67ba", "id": "CVE-2016-5007", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2016-5007 is fixed in version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8c1e7399-1b6b-5d22-b026-abf7c9d8b063", "id": "CVE-2018-11039", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-11039 is fixed in version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:53e990c0-2eb1-5617-b4af-9eb934cf0660", "id": "CVE-2018-11040", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-11040 is fixed in version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d695ab57-2271-5cf7-a7b7-2ff60c56c566", "id": "CVE-2018-1257", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1257 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1f5d93fa-464f-5da6-a1d2-29a58fb1bd02", "id": "CVE-2018-1270", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1270 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:55e0f160-5c9a-595c-a327-ba2945556fab", "id": "CVE-2018-1271", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-1271 is fixed in version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2af1cbd9-310a-549b-a61a-3a1f8b65b7ef", "id": "CVE-2018-1272", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-1272 is fixed in version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b69ca3b7-25e5-5002-b850-2645e1f47c65", "id": "CVE-2018-1275", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1275 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c24c0420-7679-57a1-ad03-bd3a941ac16b", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:da0686eb-48e2-5562-ba2c-7a30e87530a4", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6f72a752-19a5-522e-a00d-24af79f6b17c", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7c9ffb40-0d32-588f-a582-99ec5bbaf339", "id": "CVE-2022-22950", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22950 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4b22bf23-9867-5533-8192-c0aa1cf0ea48", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f889ad42-de92-5fb7-968c-5b1bc5fac2a4", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8978c4ca-b27f-5654-90c1-8f3e86b3e8fd", "id": "CVE-2022-22970", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22970 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f43fda0e-2587-514a-9256-08c3401afa15", "id": "CVE-2022-22971", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22971 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8b79af4a-58a5-510e-872a-8d6347363dc6", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:86d8815c-4206-578f-9e0f-6f0e39d29967", "id": "CVE-2023-20863", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20863 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:508a46b8-a7eb-5fd1-ae59-641c2e97b1ce", "id": "CVE-2024-22243", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22243 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:590eb44b-7349-54b9-b6da-f9ec339b5f7a", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b2e3d7b3-f800-53f3-a6ff-469f6a7ad189", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:da4641c8-d372-5e91-955e-788f9d62e670", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:23c17ccd-fa28-56b2-9f6f-50f585e8cf9e", "id": "CVE-2024-38809", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38809 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0a0c2020-5b1d-5312-999e-c95c728a4f65", "id": "CVE-2024-38820", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38820 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4ceff626-7234-54a2-a15f-73ebbb6a1c08", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:db75dae4-4a19-587f-98be-1eef63d3f0f7", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:91fd2dae-a75a-5c9c-b5bd-f626d25759e3", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1e2fe475-ad9c-53e5-9524-326318280ab3", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1d2a3c40-96af-5e6b-8a63-bb4ea5bb1b14", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f5f7a9e7-09f2-5035-8b79-7b4c79b6df48", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:13e68f37-0534-5c0d-9bbf-89bb91602b60", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b9cd3135-b66e-5ea6-994d-393a51de6dbb", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:86cb607e-4465-596a-9d2a-652fc5035299", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7d6a0d94-d8f2-5a0d-a641-63628161cb67", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:93bb286e-5c8a-5788-809f-a7f157ee59f2", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a2260f37-4abb-591c-b99d-1aabf2e17ded", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:aa86ef9a-9306-50dc-9659-5034f017b427", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:240dd3ec-09ae-556e-9042-286e9d2580d9", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0caf35ca-1900-5f69-84fe-05435cc72cd6", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:22871cd5-00b2-5b52-84a4-d7dd3d5fd8b9", "id": "CVE-2026-41852", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41852 does not affect version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-messaging. not_affected \u2014 Spring Framework 4.1.7.RELEASE is not affected by CVE-2026-41852. The vulnerability requires record-style property accessor support (empty-prefix method lookup), which was introduced in Spring 5.2+ and does not exist in version 4.1.7. While this version lacks void return type validation for getter methods, it cannot invoke arbitrary zero-argument methods as described in the CVE." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0e007648-d446-500d-a449-a8075d618d41", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.1.7.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:223dac19-3d66-5fd1-8e49-ebe91ddc4ab0", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 4.1.7.RELEASE-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.1.7.RELEASE-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.1.7.RELEASE-tuxcare.2" } ] }