{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:cdc0100a-6d9f-53de-98c6-8be30b7755af", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-messaging@5.3.31-tuxcare.3", "type": "library", "group": "org.springframework", "name": "spring-messaging", "version": "5.3.31-tuxcare.3", "purl": "pkg:maven/org.springframework/spring-messaging@5.3.31-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:eb8d57e1-8cf6-5191-b4f6-594b43975ac6", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.31-tuxcare.3 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:351d9de1-c37b-5f4b-a84d-d3fb748a939b", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:13a41664-30ce-53e3-96b2-35e6bc0c3367", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c7ec7ce1-8ab4-5855-8ef3-2a0ea1d73af4", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:34085f97-e2c5-5216-93c6-246d60b37816", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:97be4f48-66ba-55fd-80ce-32d8f0de6ee8", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e2e97bbf-1b66-5a38-9b9c-07ceff4a9446", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ba8c4392-0ba0-579e-bcab-84225b8f59e5", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:425cbebd-0348-52ea-9e3c-de99de2f85c1", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f854f9f6-981e-5468-a9d7-bcde7f2a408d", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:577dfc5e-375f-5b3a-b2c9-ea3bcebe6915", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ba2fb3aa-402b-59af-8223-cd19787f729d", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-messaging 5.3.31-tuxcare.3." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:7b5d37c9-ccda-5c9d-b28f-707584ce7ff3", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b8972da4-4f70-5bb5-aa12-251a99b78677", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8d38681a-0e9f-58f3-816a-d1628f74448f", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e04375f6-ce11-5841-9798-59012ba770a2", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.31-tuxcare.3 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1550ec3a-44b9-5231-961e-1a391850ecb9", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.31-tuxcare.3 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2b9fc0e6-aaa9-56df-a719-3cf2ebc32ff2", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d23aa6bc-65c8-52c4-996c-78159555ce55", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.31-tuxcare.3 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3a5b8c49-e18d-59ba-a183-b40a25a3e8bc", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.31-tuxcare.3 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9dfc24d8-3662-55de-b36d-4c1882a227e3", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.31-tuxcare.3 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b623b1f7-8523-5ced-af84-a02260eb99a3", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.31-tuxcare.3 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c2efb8fe-005a-54ea-bdb5-9e2027a0e432", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.31-tuxcare.3 of org.springframework:spring-messaging. already_fixed \u2014 The target repository (Spring Framework 5.3.31-tuxcare.3) already contains the complete fix for CVE-2026-41840. Both required doOnDiscard handlers were applied via commit 615477c88f (labeled as CVE-2026-22740 backport) merged on May 4, 2026. The code changes are byte-for-byte identical to the upstream patches." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:edc56de2-61aa-57b0-bc5c-5ef84d3296c2", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.31-tuxcare.3 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ff8b05ce-11e7-5f50-8898-8ba8906d1001", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.31-tuxcare.3 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f960832f-818b-562a-af89-e976ec9fde45", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.31-tuxcare.3 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:0dc85f1e-e3e7-5f92-94d8-4a0fa49b8b36", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.31-tuxcare.3 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:0e5efd58-ef5e-5ec0-ab03-66107d1b387a", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.31-tuxcare.3 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:084d07bf-e9a6-5667-9487-e63c408c74d8", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.31-tuxcare.3 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:32039375-8c4c-5641-b6f2-fe3bd70bcf38", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.31-tuxcare.3 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:76b9c652-bca8-5578-b399-7e02d472e66f", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.31-tuxcare.3 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9ef594aa-fa28-54da-ae8c-fea38165510f", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.31-tuxcare.3 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:49a004a5-24ec-54d6-88c0-a71c4c65e1a3", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.31-tuxcare.3 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:82bd6572-f85b-5a27-b5f9-4ac03fb5874f", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.31-tuxcare.3 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:676fb48c-27a5-5158-9849-b17ac1536441", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.31-tuxcare.3 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:134049ef-a072-517e-bf3f-40e8aec95a96", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.31-tuxcare.3 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9f0944aa-ed0f-5a23-9b34-62f76eb9131c", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.31-tuxcare.3 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.31-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.31-tuxcare.3" } ] }