{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:7ae39ea0-830c-505a-9714-212bd7802e19", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-jms@5.3.30-tuxcare.3", "type": "library", "group": "org.springframework", "name": "spring-jms", "version": "5.3.30-tuxcare.3", "purl": "pkg:maven/org.springframework/spring-jms@5.3.30-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:0a08a8d2-a72f-55c2-a3f5-baa3ecb70fc1", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.30-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d230be9a-6b3e-54a6-90a8-2698dc046932", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:705508dd-5257-59ba-bbb0-079b9c4c2b1c", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9bc30dca-9fe6-5935-a403-6c5e2b5654e4", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5876d2a6-89eb-5f4b-bb70-5e2071ae2ea4", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ba9359ef-87cd-5739-bdef-0de194431247", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9071e1e6-1e99-5af8-b960-4f2e5b4951d5", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6d8999a5-633b-52b0-a0c3-23c36aab38a8", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a5250467-8781-5e28-b12a-aa07403ecd1c", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:420a143b-df24-529e-ac9e-d89b039d50bd", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a59df2c4-4959-5ddb-b374-523fcc1ff680", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:7bab8c68-47b5-5e2c-8ad5-74f5aad615f9", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:bb970ae0-ddd6-5eaf-a26e-af2a065224e3", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b61ddae0-c8ac-590d-88ba-6c7e8f108f26", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d235ef8a-25a2-50e5-a7a8-da9c3ac05368", "id": "CVE-2026-22735", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22735 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6052ac63-4db7-5434-894f-5feb48f875d3", "id": "CVE-2026-22737", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22737 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ba34b3a0-65ca-59ad-844b-6e70bde8cf7c", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2814ed20-922f-5079-bb40-b6b3cd85f666", "id": "CVE-2026-22741", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22741 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a9d94fde-f789-5cbe-9c17-0d67098babe7", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b3b2e88d-9872-56c6-8e94-5ce5a2489b1d", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.30-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:daa0ecf6-51ab-5f62-957d-40475b24f03d", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.30-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:dccc2dc4-b085-5461-9f3c-9c9992624631", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.30-tuxcare.3 of org.springframework:spring-jms. already_fixed \u2014 The target repository Spring Framework 5.3.30-tuxcare.3 already contains both fixes for CVE-2026-41840. The identical patches were previously backported by TuxCare as part of CVE-2026-22740 (commits 1a619adbfb and ee9443b0bc, merged May 2026). Both doOnDiscard handlers are present in the current code: PartGenerator.java releases data buffers on discard, and MultipartHttpMessageReader.java delet..." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ce47d316-7a49-5c98-bfa5-941a579726d6", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.30-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a9f7bb40-f598-5251-9c2f-3e803730ccff", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.30-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:93514804-3f76-5ff8-a9ed-382767c21d75", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.30-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:86f18f12-bc89-5bff-a064-d42f50806634", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.30-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:394df524-ec6d-5fbf-821e-9d1e240505f5", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.30-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:848e309f-5739-5d5c-9a50-8a75fb797df1", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.30-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8ffbb225-57bc-5a7b-886e-53c9ca1eb826", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.30-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:0a58a714-aa1a-5204-bb67-300b2f0b0e8b", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.30-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b34bd65e-45e3-559a-91cf-6c97ebeb7758", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.30-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:55196785-fe2a-5efe-bc4d-24e534017bb1", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.30-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f6db78cd-9b05-59a9-b7b2-4cf97c67862b", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.30-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:7b9b67db-ba64-51f2-895f-62cd1d6b8b37", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.30-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e3622f8b-17df-57e1-83cc-5fb7c68a44df", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.30-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:80336fea-be59-5cf0-9004-e1c0b5433a61", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.30-tuxcare.3 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.30-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.30-tuxcare.3" } ] }