{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:4dee5ac5-7aed-5684-8c7f-481ee8b24ad9", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-jms@5.3.30-tuxcare.2", "type": "library", "group": "org.springframework", "name": "spring-jms", "version": "5.3.30-tuxcare.2", "purl": "pkg:maven/org.springframework/spring-jms@5.3.30-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:9c2cb647-f61b-556e-8913-dbba1cb11c52", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.30-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:30d8f41d-cdc7-512e-8a05-02b9383d50a5", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.30-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:adfd834c-1cca-5698-b3ec-cf22d1af00fa", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.30-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4c5f7da7-b069-51a4-b94b-e4692e8ffff4", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.30-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4648f409-78b7-5842-85b5-9fd185a5f054", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.30-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:17450103-db7b-5953-9f67-35ea894207d3", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.30-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:583bca5f-4211-5baa-9ea9-bc8a49b3c03c", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.30-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:32f50a9b-076c-580e-a647-75bc14bb017a", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.30-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:257db080-4834-5fb2-95f5-3d7fac662fbe", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.30-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4c32923a-b45f-5c33-9472-bc7fcf0cc0bb", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.30-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a5bc145d-bda1-5f7f-a06e-ee37c0292eb8", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.30-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:db9f404d-38de-5507-9466-de7cc7d7b101", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.30-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ced95ab9-baa8-55e8-b21d-ba2027887069", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.30-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3e6cc69f-cc05-51bf-9aaa-7c259a541b04", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.30-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a3f86e33-65b6-53a2-b06d-22063cbee3ae", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.30-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6c51d198-ba90-5140-b3e0-e1d65e4a3cde", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.30-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9eca53f5-4c7c-5585-976d-54b624387b8b", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.30-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:69d998dc-1912-5bfe-8f06-e15ce77cd775", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.30-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d51df5be-2faf-5c66-bb89-f01175854384", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.30-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7821d148-ba68-51c8-868b-585ed62999c8", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.30-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:52ec6096-29d5-5bc2-8106-884b2de5ab51", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.30-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8a2fbc97-cfaa-5327-9dc4-3daf59de34b7", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.30-tuxcare.2 of org.springframework:spring-jms. already_fixed \u2014 The target repository Spring Framework 5.3.30-tuxcare.3 already contains both fixes for CVE-2026-41840. The identical patches were previously backported by TuxCare as part of CVE-2026-22740 (commits 1a619adbfb and ee9443b0bc, merged May 2026). Both doOnDiscard handlers are present in the current code: PartGenerator.java releases data buffers on discard, and MultipartHttpMessageReader.java delet..." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6c2192d2-f350-5d2b-8d9e-34e8908473f2", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.30-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0b661f2c-3ba1-5962-948e-2897f2019ef1", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.30-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b67084a3-ae3e-5f98-8e30-480979d62b73", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.30-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:69cb84be-522e-5efb-8f36-31938209a5b6", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.30-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b551bbb7-97b6-5e65-ad1e-f030fd6b13f3", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.30-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e630f165-5427-5c4d-bbe9-ae1840fad6bc", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.30-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8dda9272-1613-5a78-88e3-29eddf4ceb08", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.30-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b4f25bd9-2c5c-50c0-98e9-5535e187d15a", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.30-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f75e0e3a-1e5f-5113-9896-1b2922bd190d", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.30-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:37df79b2-556a-50b5-bae5-8ae1473e5c1d", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.30-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:72bc15f6-7a58-5a05-b3dc-385268f40b4a", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.30-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:aa439cb1-22f3-5389-b71a-3086886e59c3", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.30-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ef5e1050-9905-5de3-a80e-72d2fc1da9a7", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.30-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c872e5e7-73a1-5928-9f86-e128fb885774", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.30-tuxcare.2 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.30-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.30-tuxcare.2" } ] }