{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3c1415cd-c837-58a4-8d5a-aa0a4518cb32", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-messaging@4.1.7.RELEASE-tuxcare.3", "type": "library", "group": "org.springframework", "name": "spring-messaging", "version": "4.1.7.RELEASE-tuxcare.3", "purl": "pkg:maven/org.springframework/spring-messaging@4.1.7.RELEASE-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:d1a44495-b53e-54a2-a3f3-8813ca9e06be", "id": "CVE-2015-5211", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2015-5211 is fixed in version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:572ddb08-63cb-5787-96e7-47439f16273d", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:91903624-07c4-5c5d-a14d-8c45dca65bd9", "id": "CVE-2016-5007", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2016-5007 is fixed in version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4cbc090e-d21a-5cbe-b4f3-56a95c92b58f", "id": "CVE-2018-11039", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-11039 is fixed in version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1f53a0de-8d35-5522-9535-3c18b66d4ef9", "id": "CVE-2018-11040", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-11040 is fixed in version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:58aa0c0a-178d-5d8f-83d8-a263c5a92133", "id": "CVE-2018-1257", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1257 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:79a9f849-833c-5602-af04-9a834b135a60", "id": "CVE-2018-1270", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1270 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:74b44bcb-cf49-5d8e-8d87-e7cbcfd7546b", "id": "CVE-2018-1271", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-1271 is fixed in version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:40ab252f-9e47-5a35-8e92-f57b397f1523", "id": "CVE-2018-1272", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-1272 is fixed in version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:28f334c4-9328-568f-9f1b-f332883efa71", "id": "CVE-2018-1275", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1275 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b44fdfb4-a9b9-5c36-b1ce-2446536a722a", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:cc7d7da7-02ba-5d83-8bdf-f71095f992f1", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c6eea034-6e9e-5d06-b928-a242405a1114", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:cb15f9ca-8a2c-5351-b73a-e229dd28f789", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:72f934ee-f9bd-53ab-8ce1-62f785d73ce0", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:93a3122e-c0ed-586f-8b5d-7fc198529798", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d46474c7-4827-5be1-8cb7-6c62d948d288", "id": "CVE-2022-22970", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22970 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f908dc80-2443-5817-819f-ad4e41a16529", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6e5242cf-1f59-5ba1-8574-1eafa316926e", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:19b5b244-a6e7-5074-b924-eaa04d47eb7a", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:21b668a1-83d1-5b77-9625-449a85211685", "id": "CVE-2024-22243", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22243 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4f892344-f258-5de3-aa55-4e499b17181f", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1dd783f0-9da8-5ee4-84a4-7c077e32e360", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f8aacdc1-8b4c-5227-bee9-28742f855909", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:cdc9cad2-dd7a-55a1-9813-f8f51e413ab0", "id": "CVE-2024-38809", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38809 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:871aea4a-8bbd-573d-aee2-4f9418d4ed18", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:42ba46e2-5594-5ce7-a654-a22575aa018b", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e50ad120-79bb-5732-9b0a-2fb628e3deb4", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:11388667-43ce-59e9-b1ca-931c861815ae", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ea2e9845-ff7d-599c-bf43-97bb0976e43c", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c22e2ebf-823c-57ee-87d2-28b98371115c", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:32faf62b-ef20-55a8-a792-7763e922bea6", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3da6a5c6-1f8d-5238-af21-46b0631fe9eb", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:234ef579-69f4-5120-82b5-31c40c1f666a", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a5a6b1e8-2eb5-51d5-a97c-4ad526fadca4", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:216a5783-2213-5046-a7d5-ab00db8b9bfe", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5e94abb8-ab29-5eed-b116-3c63435301e8", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4d5ded34-b970-55bf-9424-b728ed451c8c", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:81067d74-ff5b-5c8f-92e9-eca319ce4f1b", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:33c1a704-1267-5a63-9f54-1d250683b264", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3b26c8c3-fadd-52f3-a368-193913eaa09e", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:47127282-0c90-5a11-b994-646d0822a4e9", "id": "CVE-2026-41852", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41852 does not affect version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-messaging. not_affected \u2014 Spring Framework 4.1.7.RELEASE is not affected by CVE-2026-41852. The vulnerability requires record-style property accessor support (empty-prefix method lookup), which was introduced in Spring 5.2+ and does not exist in version 4.1.7. While this version lacks void return type validation for getter methods, it cannot invoke arbitrary zero-argument methods as described in the CVE." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f9e19adb-35d7-5611-be7a-ff29646b818e", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:519a80bf-4840-55db-bd56-d0949e319b5b", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.1.7.RELEASE-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.1.7.RELEASE-tuxcare.3" } ] }