{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:baf4f2b1-fb67-5b01-90b4-004c118d75f9", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-messaging@5.3.31.tuxcare", "type": "library", "group": "org.springframework", "name": "spring-messaging", "version": "5.3.31.tuxcare", "purl": "pkg:maven/org.springframework/spring-messaging@5.3.31.tuxcare" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:b207c029-9203-5f53-8db1-4f45e5268204", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.31.tuxcare of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:d60b5157-8030-5bfd-9918-5c1f7f6e63cb", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.31.tuxcare of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:04a05549-b1e8-5325-b183-4fec6887e995", "id": "CVE-2024-22259", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22259 affects version 5.3.31.tuxcare of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:131e59f3-9401-5ee0-b008-0ad204f2a550", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.31.tuxcare of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:d17a13bf-f87b-59a2-b5a8-b776e9c32af0", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 5.3.31.tuxcare of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:6f2a3cf6-5e20-5789-9616-fd83d9569960", "id": "CVE-2024-38809", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38809 affects version 5.3.31.tuxcare of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:2ec60c24-6204-5b02-af8d-c84f972040e4", "id": "CVE-2024-38816", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38816 affects version 5.3.31.tuxcare of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:18f74f60-18f0-50e7-a29e-8f19fe9a0944", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.3.31.tuxcare of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:ff9227c1-bee6-5a2a-ae18-f3cfc272037b", "id": "CVE-2024-38820", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38820 affects version 5.3.31.tuxcare of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:6909a93f-ca60-5049-950e-ff41137f68c5", "id": "CVE-2024-38828", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38828 affects version 5.3.31.tuxcare of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:ee58066d-f148-5dbd-a25b-7272b58911a9", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 5.3.31.tuxcare of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:107076ba-76fe-500f-aafe-98f42f545649", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-messaging 5.3.31.tuxcare." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:f6d6d12f-cc8d-5f63-bf0c-a58af1e802cc", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 5.3.31.tuxcare of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:5228d261-3fea-5e03-ae3a-ed23677b0bce", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.3.31.tuxcare of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:e1e0e2ab-c069-5399-b180-a064a5b579ab", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 5.3.31.tuxcare of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:5a65211c-c829-5377-b421-570d819d7c2a", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.31.tuxcare of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:b6b226d5-3443-513e-bc3c-082dd088c802", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.31.tuxcare of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:67258d95-8b08-5065-8293-11ca9c47166b", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.3.31.tuxcare of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:b2d9651f-ba83-53c3-bb7e-55ddb48e57f6", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.31.tuxcare of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:9fa61df5-c0f8-550b-ba63-4e95fde3cdeb", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.31.tuxcare of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:664bbb28-3e05-5536-8242-2aa3f85f1b0d", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.31.tuxcare of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:9c3b57a0-92f3-51e7-a55f-5e5f19573df9", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.31.tuxcare of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:9424df53-b851-55e9-a5ff-18e0d07c6b76", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.31.tuxcare of org.springframework:spring-messaging. already_fixed \u2014 The target repository (Spring Framework 5.3.31-tuxcare.3) already contains the complete fix for CVE-2026-41840. Both required doOnDiscard handlers were applied via commit 615477c88f (labeled as CVE-2026-22740 backport) merged on May 4, 2026. The code changes are byte-for-byte identical to the upstream patches." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:5d6782aa-3fc8-5048-bb7f-e1075c3f6a4b", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.31.tuxcare of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:7f96b735-9df6-5773-b4a0-aa35cef17aa8", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.31.tuxcare of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:2c685d71-861e-53ea-a425-aec14a512d36", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.31.tuxcare of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:f8f840b9-9ef8-543f-9c4b-e832f984b82c", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.31.tuxcare of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:8eb91e04-e83b-54d7-ae71-65a68f708970", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.31.tuxcare of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:3f7c99d0-d880-5eb9-ba8d-9e891a2dd74f", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.31.tuxcare of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:98007164-c9e3-5e4c-bb07-428b3a753922", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.31.tuxcare of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:8a67fcc4-9bef-5e3f-b43d-c0cc2e739353", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.31.tuxcare of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:9160b8a0-e5eb-5707-9d4d-e07159a94fe5", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.31.tuxcare of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:6f367bc7-0cf8-5afe-8b5e-25ff904f33c0", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.31.tuxcare of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:a1cec0de-439b-5b2a-81f2-36c4802d342d", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.31.tuxcare of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:25ac09e3-dca2-5be5-bc68-26107bd266f4", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.31.tuxcare of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:8aa15103-b49c-5b97-80fb-0a00b65d22ec", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.31.tuxcare of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:04bf567e-bc9c-51a9-a135-d1d7dec81771", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.31.tuxcare of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.31.tuxcare" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.31.tuxcare" } ] }