{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:10a8f8cb-a21f-5377-8a79-79173faee767", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-messaging@4.1.7.RELEASE-tuxcare.4", "type": "library", "group": "org.springframework", "name": "spring-messaging", "version": "4.1.7.RELEASE-tuxcare.4", "purl": "pkg:maven/org.springframework/spring-messaging@4.1.7.RELEASE-tuxcare.4" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:7d9c4108-f8a1-5639-9523-e1368a32ab74", "id": "CVE-2015-5211", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2015-5211 is fixed in version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:317237ed-7b26-5caf-b85a-f3ebd2285d41", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:9178aefb-48b7-5fef-9ed3-af52fe5fc539", "id": "CVE-2016-5007", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2016-5007 is fixed in version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:035125af-2796-569f-afad-bc0295734f19", "id": "CVE-2018-11039", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-11039 is fixed in version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:0c7fa4a3-74fa-5991-8894-fdecbafdca8f", "id": "CVE-2018-11040", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-11040 is fixed in version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a0efc883-aff1-52bb-a058-8e173a7d037c", "id": "CVE-2018-1257", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1257 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:af7a686b-d743-5d72-b29e-9a26cc5974ff", "id": "CVE-2018-1270", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1270 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:910d60ce-4ef2-53b5-bbf3-6432a5f16509", "id": "CVE-2018-1271", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-1271 is fixed in version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:deca577d-26dc-5b42-ab84-0e78d02753e4", "id": "CVE-2018-1272", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-1272 is fixed in version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:1a24b51d-fdc4-5f20-bae2-b213aae94951", "id": "CVE-2018-1275", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1275 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ca0a0e7d-107d-521f-889a-3dde1b8a12c4", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:959042b7-3883-5604-849a-37a0759c8341", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:5518494d-1cee-5d96-8e48-e90b8886f520", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:60848fd6-7890-5008-a678-79ef573635b5", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:743f158e-be94-5262-adc0-146caf3866d7", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:effdd01e-b3e4-5168-a353-673fa087cb2c", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ff4f164d-7a60-5cd0-abd2-e2c353f022da", "id": "CVE-2022-22970", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22970 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b9cf1015-26e6-501a-8b9a-10a83a9c5739", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:58854281-6ba1-57f4-9f88-0e8c791354cc", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:fd8e9cb0-a303-5da2-9dea-fa0653d28e5a", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:bd29bb76-45c0-5382-a6ac-e78a3864d00e", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:103f0db7-963f-5627-9023-62f5fefbf0d9", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:4144e775-33bf-5641-9806-83d8ebeb5f33", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ef13822c-2107-5bd7-81e1-9fddb41300d9", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:033102d0-acc9-53e9-81b5-1dd4feb124d0", "id": "CVE-2024-38809", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38809 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:5058c1d7-0f7a-5b36-bd68-4616abcdecf3", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:75929e3c-6dad-5bc0-94e9-9e2cd5b0b4d8", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:04c1c694-a03f-5739-92aa-780c9e7a1e03", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:f417bd43-f33b-5e7f-ab24-d20d5a907ca7", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:25f3dfc7-9c17-50dc-b924-662492bdb17d", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:65c3defd-8449-5345-b7fa-33bf05b25714", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ec0dbef7-467b-57cf-bb21-5bed90a22d53", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:85e93ed5-ea02-50ae-bf85-5f3e01e9b962", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:db7fbfe5-4ef0-5e84-a572-fd3ce2586d7b", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:f370e53f-57d0-5a86-8191-7befc3c2c33a", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:32288380-5dda-5fa2-bba1-11c56d3cc25b", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:5fb2755e-7b43-545d-8269-e9097ea5af94", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:15270c76-2863-5d4a-a247-ba1f1c36bc90", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:f11a776e-b00b-593f-a54e-3383d78f5751", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c7a0a8d8-1f19-5c55-91b2-60092f0e758e", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:70c981a6-d093-5449-a00f-55d0f1f1c06e", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:4a72a4d6-3595-56c8-8c0a-83c4166020f8", "id": "CVE-2026-41852", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41852 does not affect version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-messaging. not_affected \u2014 Spring Framework 4.1.7.RELEASE is not affected by CVE-2026-41852. The vulnerability requires record-style property accessor support (empty-prefix method lookup), which was introduced in Spring 5.2+ and does not exist in version 4.1.7. While this version lacks void return type validation for getter methods, it cannot invoke arbitrary zero-argument methods as described in the CVE." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e33f7b4b-47c3-579c-9415-4b4187a27c2a", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:1acdc453-3bb1-5c07-b070-d3555a9d0bf0", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.1.7.RELEASE-tuxcare.4" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-messaging@4.1.7.RELEASE-tuxcare.4" } ] }