{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:94b08251-ab10-59cc-ad19-c31df8bb2279", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-messaging@5.3.27-tuxcare.5", "type": "library", "group": "org.springframework", "name": "spring-messaging", "version": "5.3.27-tuxcare.5", "purl": "pkg:maven/org.springframework/spring-messaging@5.3.27-tuxcare.5" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:e155a4d6-83de-5316-b1d3-db405cdcd000", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.27-tuxcare.5 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:99238409-69c5-5abf-ab60-497c4b620374", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:b64f53c0-33ec-5cb6-959e-1be6d2de7de9", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:913b096c-5fae-5a92-ae56-d5e37f6fea3c", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:e2040531-f89f-5fe8-9528-42be51f2c4d0", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:31f9d800-2e21-5f72-bf59-a2484d0c2d59", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:71641885-120b-54ad-97f4-e9f35eeca48a", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:a10ab7ac-0267-5723-b680-e9237e299262", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:f479e96f-3ca1-5f1f-a928-d64986b9a7d9", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:8f5441f7-823d-5410-ab98-d57770757e7d", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:c59d7a57-f5c5-5a3f-9cc7-367825582ce6", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:3e37e3d2-1abe-55ba-b5a6-5fd6f7a41652", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-messaging 5.3.27-tuxcare.5." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:bfc1c62f-958f-52d3-a241-9b297f7999f6", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:01be10cf-777f-5573-9665-d738993b418d", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:a5f63564-8ac7-5bf0-9d5b-853dea50260a", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:587a0e33-77ac-5891-992e-43118f0fbe01", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.27-tuxcare.5 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:c65b9e43-e5f4-5738-a6de-780da8b10340", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.27-tuxcare.5 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:091cca1b-2f18-53d4-ad5c-50a4fd8c8d2c", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:f6e5b4a9-9e81-5c7c-8376-e2cc26581be5", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.27-tuxcare.5 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:877c19d6-53df-5450-9d34-17932e50a38b", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.27-tuxcare.5 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:30e0e419-49ef-5cca-8753-f6841ae72e7d", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.27-tuxcare.5 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:da8f45cb-73fc-57d1-b914-919f2424ff93", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.27-tuxcare.5 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:ca230aa8-b832-53f4-bc24-53d6b502eb9b", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.27-tuxcare.5 of org.springframework:spring-messaging. already_fixed \u2014 The target repository (Spring Framework 5.3.27-tuxcare.5) already contains the fix for CVE-2026-41840. The vulnerability was previously addressed through backport commits for CVE-2026-22740, which applied the identical doOnDiscard cleanup logic to prevent resource exhaustion from multipart request processing." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:a423408d-47c7-5d82-9efb-4981326684cd", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.27-tuxcare.5 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:4d7face3-4e4f-5e66-836b-33a67245e92a", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.27-tuxcare.5 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:4110f0cb-03ed-5b9a-9d61-5f58b6c43f81", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.27-tuxcare.5 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:0bac8388-163b-5f2d-bbee-c37ae75029c5", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.27-tuxcare.5 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:30cfcc78-f273-5f9f-995a-4ec9825df8bf", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.27-tuxcare.5 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:b44c6973-393b-5ef7-af8a-49f57b7e9976", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.27-tuxcare.5 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:95b86526-d0e8-5cb7-85cd-bf1afaec7c6e", "id": "CVE-2026-41847", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41847 does not affect version 5.3.27-tuxcare.5 of org.springframework:spring-messaging. already_fixed \u2014 The target repository (Spring Framework 5.3.27-tuxcare.5) already contains the fix for CVE-2026-41847. The upstream commit 07ba95739bf4451742e4ee6b4d4b2d0ee5f701bf is present in the current branch, and source code inspection confirms the vulnerability has been patched." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:c85c3e1f-81f5-551f-bae5-2df294af9952", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.27-tuxcare.5 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:01a5a774-ec8f-5591-aa8c-3d3c37e851df", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.27-tuxcare.5 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:29ed0292-afaa-5027-93b2-e96aa45f5c54", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.27-tuxcare.5 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:ae3f8b61-c88c-5d89-a09c-4260f3c534b2", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.27-tuxcare.5 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:0a97b5c4-b1ca-5fde-a2aa-76967cdccc23", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.27-tuxcare.5 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:ad92bf09-2be9-5b3b-b148-04c23e324cd0", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.27-tuxcare.5 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:c65a0cd2-8a5d-5570-a3ed-963074a69dc1", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.27-tuxcare.5 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.27-tuxcare.5" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.27-tuxcare.5" } ] }