{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:ba6c3651-c201-527e-a0d9-8ef6529ebe5f", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-messaging@5.2.13.RELEASE-tuxcare.2", "type": "library", "group": "org.springframework", "name": "spring-messaging", "version": "5.2.13.RELEASE-tuxcare.2", "purl": "pkg:maven/org.springframework/spring-messaging@5.2.13.RELEASE-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:8b45be84-de4e-5adc-9927-56979c3fdc81", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:babfccd1-d07f-5f79-ac2e-3540a7061a6d", "id": "CVE-2021-22060", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22060 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ad6310e2-5fb0-571e-92dc-1ac7d6f225b4", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:dfcbe953-6f47-52c4-92e5-8ef33b9b1410", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7520cfc1-bc84-5f05-a68d-97de91eb4520", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:05099a6f-f26d-5f66-a34f-ec08deb30075", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:be4d1c63-9270-5ab7-b163-811e816c4f7e", "id": "CVE-2022-22968", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22968 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ce906c25-c98d-5000-9637-c6471e37f0a9", "id": "CVE-2022-22970", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22970 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:27b8c45f-88dc-5578-b102-027b68ea33b0", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f07f42c0-f801-53b1-b4f6-bde0a85960c2", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6790f53b-344a-5260-8f5d-b0c0df49eec3", "id": "CVE-2023-20863", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20863 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b9b455b2-1847-5262-94f4-8140dafb6a2d", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8d089022-fc08-527a-bb21-920a3eb719a0", "id": "CVE-2024-22259", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22259 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e9929b48-2b47-52f3-83c8-8ae80deb2909", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a6df9d26-5466-5138-98a0-7ef61fb4e0a2", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:db31f5c4-c2c1-5ca4-94c6-bdb6db2a618a", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:04f37fe4-0aa8-5f11-be3b-01a67e0d50c2", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5a6535aa-98d9-5e4b-870a-54ff93cbf4c2", "id": "CVE-2024-38820", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38820 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:032ddb20-1c73-524f-91f9-28ff9b25e26b", "id": "CVE-2024-38828", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38828 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1d708640-aec2-56c4-ae42-17202531f9f1", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:28c4f74e-57bc-52d4-96a5-676cee9bad95", "id": "CVE-2025-41234", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41234 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:181491a7-f8f1-5178-b202-4385190d20b1", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4a08bd56-93ab-5bd0-8b53-d2156d2f9542", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:53c8ba50-1a59-5d7f-b0a7-bf1d8c9ba0b9", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1ea87690-c4a6-5c56-a8dd-800ec03ff1d9", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:893309c4-9c53-51e6-b008-b1812cc37974", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:97acdc34-8298-5b4d-8ac5-d270448ed824", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0b963cb6-a51d-546a-b2e5-88f645d6c3a7", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7ad18e3a-8acc-55d8-b6ec-076f2dcdab9f", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-messaging. not_affected \u2014 Version 5.2.13.RELEASE uses a fundamentally different multipart parsing architecture (Synchronoss NIO library) that does not contain the vulnerable components targeted by CVE-2026-41840. The CVE explicitly lists affected versions starting at 5.3.0+, and the patches fix issues in PartGenerator and MultipartParser classes that do not exist in this version." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0652d54a-8281-5959-9786-304a0509b7d8", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:12954e1e-662b-58c8-b811-bc3e1b201268", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:43ecd030-a32f-589c-b12e-e9f321aa3dc9", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1c471eef-9357-5907-829a-7d7e92827838", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c4694734-94df-5016-add2-0760a140bb2d", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:02a0bf6f-81ca-5c5f-82b9-7d24f350bd1e", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:92239bdb-6d6f-5e8c-a255-6fd1d5483828", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c5e28ff1-7e73-5edc-965c-1ce3c9781e80", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:98781202-61f3-5494-9ade-c91f7fd6bb25", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4b907936-0460-5256-bc88-9cd2d71bf721", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5ad433ad-36f3-5773-b9a5-e25c68cffe34", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7a18b514-59fd-568d-b9c7-13a9a32a8e10", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:63bf58dc-1dbe-5b31-96f6-1440779d9f0a", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:bfc04206-f850-5245-8f97-092bc61a6dec", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.2.13.RELEASE-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.2.13.RELEASE-tuxcare.2" } ] }