{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:db41cd07-02e6-5031-8b7c-89c68263150d", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-messaging@5.3.29-tuxcare.1", "type": "library", "group": "org.springframework", "name": "spring-messaging", "version": "5.3.29-tuxcare.1", "purl": "pkg:maven/org.springframework/spring-messaging@5.3.29-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:d6f16724-f095-5792-9046-25dd71e4f5ec", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.29-tuxcare.1 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:96debf8a-2af0-58fb-bb73-42d85d7c1728", "id": "CVE-2024-22243", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22243 affects version 5.3.29-tuxcare.1 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:49865eb3-0789-56c2-a562-56e956c668dd", "id": "CVE-2024-22259", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22259 affects version 5.3.29-tuxcare.1 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4f8f8992-ad76-58e1-b58c-63de3504b3d3", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 5.3.29-tuxcare.1 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7e4fde58-06f1-593d-a8b6-f8fc89aba675", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 5.3.29-tuxcare.1 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:71e8b1c6-ef6a-57e3-bf71-94d12b2a2759", "id": "CVE-2024-38809", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38809 affects version 5.3.29-tuxcare.1 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9b497cda-3827-5bad-9919-8ed7c8cd0e11", "id": "CVE-2024-38816", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38816 affects version 5.3.29-tuxcare.1 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:69aadd62-bc1f-5e72-afff-130a4bb79b9d", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.3.29-tuxcare.1 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:743ad175-4a1e-5ca5-a2a6-222bcb2b94d7", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.29-tuxcare.1 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e00e8bfe-f75b-5706-b2b8-28725957990f", "id": "CVE-2024-38828", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38828 affects version 5.3.29-tuxcare.1 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ae171130-7348-5fe5-8124-13ce5f96914f", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.29-tuxcare.1 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f8374274-07fb-5284-86de-34396a68399d", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-messaging 5.3.29-tuxcare.1." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9fcbecae-10a4-5fdd-9551-4ccb517e47ae", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 5.3.29-tuxcare.1 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d5b95d97-5e82-5daa-9a71-a3fd50526757", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.3.29-tuxcare.1 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:38c1b9f6-3eb1-593e-ba9c-eea1bb100892", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 5.3.29-tuxcare.1 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b4673b93-6234-5897-b6a4-c429a29931df", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.29-tuxcare.1 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0f564bce-e5c2-563e-b3cd-96f7e12b188e", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.29-tuxcare.1 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f2bc934a-5391-575a-93a7-b07a00ceea16", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.3.29-tuxcare.1 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:55ae3757-49ff-59ae-a944-8a08bb7a4f52", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.29-tuxcare.1 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5b112129-07ca-5f38-ab13-946ae7221a22", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.29-tuxcare.1 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1678fd0e-eb9f-527f-b56c-d41033e325a6", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.29-tuxcare.1 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9468e661-9994-569b-897f-c6591cdb913f", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.29-tuxcare.1 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a45ec77f-182c-5ac6-a2e1-62850c63b995", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.29-tuxcare.1 of org.springframework:spring-messaging. already_fixed \u2014 The target repository (Spring Framework 5.3.29-tuxcare.4) already contains the complete fix for CVE-2026-41840. The fix was applied on 2026-05-19 as part of a TuxCare backport for CVE-2026-22740 (commit bc0026ae70c), which addresses the same multipart request DoS vulnerability with identical code changes." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c7763b03-fe8d-5580-98e9-5639ad8d210c", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.29-tuxcare.1 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1ba3a4ea-2b2a-5081-8434-ab76c68fce59", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.29-tuxcare.1 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ca959b18-ad08-55c7-8f65-685b88d4d127", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.29-tuxcare.1 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3c30d976-6042-56a6-879d-dac77c72035d", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.29-tuxcare.1 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b68c027e-6d0b-550a-8fa3-78057225b57e", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.29-tuxcare.1 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:09eca33a-ce74-5a1e-9bda-c8aae7384dd0", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.29-tuxcare.1 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5b3147f7-5260-5b5f-89fa-4732ea1a6020", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.29-tuxcare.1 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:dafadf44-b805-5467-afd9-f10e9a6d7e22", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.29-tuxcare.1 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f9108c54-bb8f-576e-9453-4f130f789d6a", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.29-tuxcare.1 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3e2e5399-f54f-5a1e-8f65-b331854f643b", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.29-tuxcare.1 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:60d8fc5d-7fee-5a52-9995-4d07a753995b", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.29-tuxcare.1 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b3d34b91-a9cb-5623-a327-4412b6067973", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.29-tuxcare.1 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7b9b12c3-3ca6-536d-ac70-79d85556baa3", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.29-tuxcare.1 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8959060a-a6fd-559a-ada0-7cbaf1193e80", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.29-tuxcare.1 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.29-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.29-tuxcare.1" } ] }