{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:54856e13-d6b5-58df-b00e-e4c0987e66c2", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-messaging@6.1.21-tuxcare.3", "type": "library", "group": "org.springframework", "name": "spring-messaging", "version": "6.1.21-tuxcare.3", "purl": "pkg:maven/org.springframework/spring-messaging@6.1.21-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:a82146fc-d166-5cb3-a8c4-8eeab3315dc5", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 6.1.21-tuxcare.3 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@6.1.21-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:18eb4f2d-159b-5d47-8c68-771499a7c1c5", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 6.1.21-tuxcare.3 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@6.1.21-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5ec9278b-1e14-5291-9cb6-8cd766ca0d5d", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 6.1.21-tuxcare.3 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@6.1.21-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:57481a63-edbd-5ed2-a245-267f255e7436", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 6.1.21-tuxcare.3 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@6.1.21-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b60aec29-997e-55a1-8dc3-700e12f44220", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 6.1.21-tuxcare.3 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@6.1.21-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a905898f-d008-5b5f-8353-d965c486d1b1", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 6.1.21-tuxcare.3 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@6.1.21-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:cc73fd91-906f-5291-a853-a60cdf536e17", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 6.1.21-tuxcare.3 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@6.1.21-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e077c073-3819-5e32-a63c-73e6fcfc7ac9", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 6.1.21-tuxcare.3 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@6.1.21-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:30bff1cf-b907-5724-8310-72d65e05c8a4", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 6.1.21-tuxcare.3 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@6.1.21-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:80ecd637-0344-5119-8677-25f2eea93f4a", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 6.1.21-tuxcare.3 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@6.1.21-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c2865fad-bc79-5f51-b85f-7cec714ace4a", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 6.1.21-tuxcare.3 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@6.1.21-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e27c2075-8eb3-55cd-8417-bc6f7033ac2b", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 6.1.21-tuxcare.3 of org.springframework:spring-messaging. already_fixed \u2014 The target repository (Spring Framework 6.1.21-tuxcare.6) already contains both upstream patches that address CVE-2026-41840. The fixes were previously applied as part of TuxCare backports for CVE-2026-22740 (commit d8aa04a97f, 2026-06-08) and memory leak fixes (commit e7c90921fd, 2026-04-29). Both doOnDiscard handlers are present in the current code, preventing resource exhaustion from multipa..." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@6.1.21-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:69c5ee92-c319-5093-8486-816c65796e7a", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 6.1.21-tuxcare.3 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@6.1.21-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b51b74ce-922f-58a9-8935-8ae0a8a5691f", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 6.1.21-tuxcare.3 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@6.1.21-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8db6a950-2884-5ee3-96c7-2f0ba9f3f79b", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 6.1.21-tuxcare.3 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@6.1.21-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:7e94d3d7-b7d3-5a9d-9e26-66059d51dfdd", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 6.1.21-tuxcare.3 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@6.1.21-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:62b29e5d-7c2b-5e62-b577-69865ab29abb", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 6.1.21-tuxcare.3 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@6.1.21-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ac3a212d-b882-5f38-a6df-9dac7369b581", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 6.1.21-tuxcare.3 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@6.1.21-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:7307b5f7-0fae-5644-a34c-0a4c0b4302c8", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 6.1.21-tuxcare.3 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@6.1.21-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:28b620a7-1128-5dae-a48a-09034795cdc8", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 6.1.21-tuxcare.3 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@6.1.21-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:20e2a094-6c08-5a76-be9a-051c8d732c92", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 6.1.21-tuxcare.3 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@6.1.21-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9d98e8b7-60ce-51ad-94f9-00994f28b693", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 6.1.21-tuxcare.3 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@6.1.21-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a677e4b7-e499-5202-b037-0203fba5ad02", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 6.1.21-tuxcare.3 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@6.1.21-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6be0376a-acdf-52af-9870-717c0cb39a9d", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 6.1.21-tuxcare.3 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@6.1.21-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-messaging@6.1.21-tuxcare.3" } ] }