{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:acca71a4-ed89-51f0-b76b-1bed7742b739", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-messaging@5.2.13.RELEASE-tuxcare.1", "type": "library", "group": "org.springframework", "name": "spring-messaging", "version": "5.2.13.RELEASE-tuxcare.1", "purl": "pkg:maven/org.springframework/spring-messaging@5.2.13.RELEASE-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:a1650283-d559-53f0-b33c-d7dfe6abf147", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d3499a59-15fb-5b03-8bdb-b7f600b4d9c7", "id": "CVE-2021-22060", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22060 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1f19dd67-a73f-5f6d-a128-6e028569fbd9", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f3ad276d-7e18-5cf8-8360-9e61d51a4a6a", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:757a80f0-6359-5be7-adcd-744f30848024", "id": "CVE-2022-22950", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22950 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:362bd592-a609-5963-b82c-2fe4f8a84347", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b9afccc1-0a7a-51c1-83c5-f1501eb06c19", "id": "CVE-2022-22968", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22968 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:eda13a1c-1b37-5e02-8815-1128a42d4c3a", "id": "CVE-2022-22970", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22970 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:364db5dc-6aa0-57da-a42f-29c090ab06b7", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:137a6ca9-a9d6-513c-b6cb-7d8be0cf48ae", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:373c50d6-80c3-5d99-b07c-e15e4291fe92", "id": "CVE-2023-20863", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20863 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ec220ac5-306c-54f6-832a-727b80963544", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c4a879df-3c36-53d8-8da8-3d643625ae4a", "id": "CVE-2024-22259", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22259 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d8197b28-01c7-5281-8b3d-4e288cb1db88", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0e97d6aa-ff0f-5587-b1c5-6d38424b3f86", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5c28b3a4-b48d-506d-9283-18524bc6e09d", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8e8b9cf9-87b2-5a03-bb93-ab2fc188ef1d", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:39aa5388-3e33-5ba2-a42d-1f638ce95839", "id": "CVE-2024-38820", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38820 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ee0ea3a1-91a6-59e5-9dc6-e9aca0ea3f52", "id": "CVE-2024-38828", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38828 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e63a48c5-8b75-54c6-b727-85a8e2262872", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c742958d-9c8d-5efc-b57b-890035507067", "id": "CVE-2025-41234", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41234 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fa7ee39c-ea28-5515-81d0-3bb50f7e0e4b", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b7889695-f421-556c-bd1b-ae3898d46a1a", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d286087a-c04f-551f-8025-b67fa18f7d6a", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ad78b946-fb59-5996-9027-a629f3184087", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:43c193b0-fe18-56fc-9c76-d9f9ca1791e6", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:657cccd7-233f-54de-8c97-672bf359ad39", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b92bf120-f975-5e8a-a887-f4afa39f0c9b", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c99392f9-0aef-5ff9-ab5f-6671cbc00560", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-messaging. not_affected \u2014 Version 5.2.13.RELEASE uses a fundamentally different multipart parsing architecture (Synchronoss NIO library) that does not contain the vulnerable components targeted by CVE-2026-41840. The CVE explicitly lists affected versions starting at 5.3.0+, and the patches fix issues in PartGenerator and MultipartParser classes that do not exist in this version." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e7f57a20-ac77-5c0d-afad-411c2d4c2a28", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d62234e5-76e1-518a-882e-774bac1734df", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4f0a6dee-e80b-5b45-818a-efe0ea9f6f30", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7e07eef8-ec3d-5b8f-b3ed-31174439c8f4", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8a197f0a-b227-57e0-b043-5110cd40ec47", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:bb823be6-b2e3-5785-8f81-73cc29807e21", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:bb552b96-cb49-551e-9e3f-6416ec973cdf", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0c69ea2a-31a7-578e-94b6-f3ac772dab1b", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:51bed07b-f3a3-5945-9a7c-6e28b96b3cbf", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:774d748d-20d7-59b0-9f30-72bbb10ea0f3", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9b48034c-9907-5714-86e4-86c3d6f362b3", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2b0ba6de-e3ac-55cc-bf4f-30731677964b", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7e660255-d0f2-5872-a52f-7a7c56358050", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:81338991-97a6-5b39-9930-2d6952efbf7d", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.2.13.RELEASE-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.2.13.RELEASE-tuxcare.1" } ] }