{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:f8b6cd52-8046-5442-bd3d-ee1a7c946751", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-messaging@5.3.29-tuxcare.2", "type": "library", "group": "org.springframework", "name": "spring-messaging", "version": "5.3.29-tuxcare.2", "purl": "pkg:maven/org.springframework/spring-messaging@5.3.29-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:1cc00010-913e-548b-a0e4-0c719569f3b5", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.29-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1b1ae549-da02-547e-b518-a2217959beb2", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.29-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a61e00b0-b46f-5064-bbd0-25679ca733ca", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.29-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d3a3e0dc-16d0-5a9a-8739-ab24023a5604", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 5.3.29-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:54ead9c7-53d9-5f7c-95ce-725b649082ad", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 5.3.29-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:92f3f8b8-acba-57fc-bc14-c1468e6f7bee", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.29-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8449ef94-abd4-58e7-886f-3cb23b9f98a9", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.29-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a3c100c5-bf5d-5698-9264-3f5658ca17c3", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.3.29-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7e3e7041-fb5e-51f3-a235-8ca7ef95435b", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.29-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4aba75e5-33f8-5bb8-91e7-1dcaa275865c", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.29-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8aa6bd33-1452-5d4d-9cb1-cf8ba6995d08", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.29-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d65d4752-8560-59f6-b44b-ad68c367cd0d", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-messaging 5.3.29-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:acd21a00-c4c5-5e92-a7d0-85247451b012", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 5.3.29-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:58ca6eda-2b66-5e6b-b3fb-f27d9892935f", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.3.29-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:80045214-a0fb-50df-a90d-8ae6aa903d72", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 5.3.29-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b72f1df8-32b2-53ea-8484-a3cb9a7510de", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.29-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:34ae6545-f02a-5956-b422-6e6b9c8e8036", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.29-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8bc9280c-6bab-578c-a4c5-1e70a8b99bc9", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.3.29-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:770b6c8c-e5cb-5be1-8596-92e3e8d44758", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.29-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f3edae34-5bb8-56f2-aa51-c63ada855990", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.29-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:83420728-3f66-513b-8da8-496fd617630d", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.29-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:27e4211a-d11b-52cb-a014-3f9e6ddfd9d6", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.29-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:bc00495c-22b0-5a4f-8ff6-315d01597efd", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.29-tuxcare.2 of org.springframework:spring-messaging. already_fixed \u2014 The target repository (Spring Framework 5.3.29-tuxcare.4) already contains the complete fix for CVE-2026-41840. The fix was applied on 2026-05-19 as part of a TuxCare backport for CVE-2026-22740 (commit bc0026ae70c), which addresses the same multipart request DoS vulnerability with identical code changes." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e84d1b35-9d71-5e64-a7df-24881df7eb9d", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.29-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2adc2e4d-c17a-5057-96e8-4725626e2513", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.29-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c16c077a-4da5-56c3-b810-43cdb254fd8f", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.29-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:25308efc-7806-5fc6-a473-38c3df881774", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.29-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1b6f9b07-0d9b-5429-be26-2335f74e3753", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.29-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f62775b6-d2f2-5788-8806-f7f9ed898247", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.29-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:424feb4a-8701-562a-8aa2-fa7210128a1a", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.29-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e54216be-3d58-5ff5-831e-4912a4fcb7a0", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.29-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3987ff37-73bd-55ad-884b-60b6b4f90cd1", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.29-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:12848b07-6fa2-5a02-809a-11d9303ec823", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.29-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b868b36d-61f3-5d8b-9154-fb5c93e80033", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.29-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9aac5f43-bfa0-55f3-b087-f9dea57d0db1", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.29-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b959abf9-bcb9-5812-888b-c7a718fcb5a6", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.29-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:82d5b9f9-7a5c-5c1d-bc40-69182ef90ead", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.29-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.29-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.29-tuxcare.2" } ] }