{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:e8be6c35-16e5-567e-be8f-9d380a2123fb", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-jms@5.1.20.RELEASE-tuxcare.2", "type": "library", "group": "org.springframework", "name": "spring-jms", "version": "5.1.20.RELEASE-tuxcare.2", "purl": "pkg:maven/org.springframework/spring-jms@5.1.20.RELEASE-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:aa22eb10-8768-5591-b1c5-4d5576464390", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d8eb8862-8434-5088-8d78-b0526fa115d4", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:54fe972c-6d9e-5df5-926a-2e94ceaa5335", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9ce85e4b-1e20-5fb5-84c3-e7759ee9953d", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:99121a70-0f9c-5b18-bc0b-ad496f4f0249", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d03177b3-49ae-51ac-89b7-dc106a0cacdb", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d9582394-4df2-55f2-a7c5-eea3a042be41", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:434f30c2-1ad5-551f-8377-4954a5d6d1c2", "id": "CVE-2022-22970", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22970 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ff35a4fe-ed64-5e5e-a97a-d4a6b0e3b76f", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e3ccca90-8fb1-55ca-be8b-6c6a696797db", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b90bae33-c37f-5d99-bc17-ba2e56e2fbce", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:03618cf1-3bc0-5d80-918f-00a28315e98b", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a1605bb1-35be-50e9-b00e-d3b10cee41b0", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:11ac947b-a4a0-53df-a8e2-a2f06f2f4877", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d0cb3143-7a8a-54ff-acf8-c6b4bccd99d9", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2f320852-1b10-5cec-a4f0-5de60d4e7b43", "id": "CVE-2024-38809", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2024-38809 is a false positive for org.springframework:spring-jms 5.1.20.RELEASE-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3d6b8a44-802b-54ba-a060-dde65c00360e", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6bdd2b76-6d79-5ea0-a464-f8def2145170", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f758ef06-2ce2-5211-bc14-45cef5bf797a", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:52d5a174-83e3-5dbb-aa38-ddcb2569d1ee", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1e1cc8f2-055e-5267-9fe8-1be3095cf366", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c8653f50-fd96-5108-be1e-818b00dad447", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b2f7395e-9e6c-5034-9c59-175e7a6a688e", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e4c0c8c6-6ef8-5d5f-847a-3ddeb76dd4ac", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:356efa96-b4ac-5381-89be-258076a6e8d9", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e7e0c4f8-359d-52c0-a4c0-c4489a5196bc", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7fbdf0b6-ceba-5858-b677-5cbd89ceb8a9", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3d3960d3-627f-5c4f-9ef0-705e1c2cefaa", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-jms. not_affected \u2014 Spring Framework version 5.1.20.RELEASE-tuxcare.2 is NOT affected by CVE-2026-41840. The target predates the vulnerable architecture (PartGenerator/MultipartParser) introduced in Spring 5.3.0 and uses a fundamentally different multipart parsing implementation (Synchronoss NIO Multipart library)." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:843e65cc-4556-5832-a2e2-4c954b7a6ae9", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4ee70292-1d45-5e4e-8da7-984126c7e6d7", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:76c20510-094d-5a84-8d3b-2ebd3c56e233", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:36b71cc0-f4e6-5000-8bad-b6fdc059bf6f", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1c86b2a4-d22a-5b87-9f52-a0c53cb89222", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:29dc65f3-8f99-54b3-9939-7b73c911f5c1", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:10a53cfe-9f1b-5a42-aed6-09ac34937d77", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3cd0b24a-f830-580d-8c76-edac63d464db", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1fe64aff-ff12-51f1-beec-16ca9acd6abd", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:def129f7-7b09-559f-9376-ef0c4f7cd7a5", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1817869f-006f-5e01-9c32-084fb1b28bb6", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:59d7183f-324b-507e-b385-e134fc939e35", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3e6fc3fe-8193-5508-9319-1e13a8f53c12", "id": "CVE-2026-41853", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41853 does not affect version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-jms. not_affected \u2014 Spring Framework version 5.1.20 is not affected by CVE-2026-41853. The vulnerability affects versions 5.3.0 and later, where a new native multipart parser (DefaultPartHttpMessageReader) was introduced. Version 5.1.20 uses different multipart parsing implementations that do not contain the vulnerable code." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:bdb06c02-b4e5-502a-b212-ee28e7de4a17", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.1.20.RELEASE-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.1.20.RELEASE-tuxcare.2" } ] }