{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:64680cfc-c20b-5585-a02f-133a97e7106f", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-jms@5.3.30-tuxcare.4", "type": "library", "group": "org.springframework", "name": "spring-jms", "version": "5.3.30-tuxcare.4", "purl": "pkg:maven/org.springframework/spring-jms@5.3.30-tuxcare.4" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:ff844209-c146-54ea-acee-fad685e360d7", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.30-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:872e3ded-4459-568c-9eaf-0e5f333dc132", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:faaecc4e-eeb5-5c6b-8234-ddf17ee74ce8", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c7982b6d-7e78-5d93-a4ae-013decb78703", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:6db421f6-7f15-5382-9453-ce93956364a6", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:5bac98f4-6b50-58de-878e-c2d2728de051", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:3bda802d-cdbe-5239-b022-924329b04556", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a3b2d310-113d-5b1d-a79f-059cfd61333c", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:025278ae-28c1-55df-b487-8e89276a7c47", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:19e732ee-34b9-521d-a125-4ebd6774d9a1", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b8f291b8-5f52-5418-a032-f32dfdddfff3", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d43ff61a-aa58-5ddc-b7ef-90a6e9c9e797", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:bba170eb-66d3-5247-ab35-208de81794d8", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c56f689f-c73c-5e2f-b611-44d721fc6ac6", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:38073301-b227-5cd4-b989-bb2b1972a0ba", "id": "CVE-2026-22735", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22735 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:7e65d1ce-9723-5337-bdb0-fbbf7630f489", "id": "CVE-2026-22737", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22737 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e284c7b2-99dd-526b-8dd7-02ec42ce3895", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:bcd2dc69-85ab-5134-a795-d8410b01de5f", "id": "CVE-2026-22741", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22741 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:fb5010eb-e4bd-562c-9bb6-4a809ee33536", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:22b42ab1-bb61-5658-a4e0-cd076427cbcf", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.30-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:090373fd-8ca5-5065-998f-39e2248b21ed", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.30-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:16ee8f9c-5d1e-51e6-a4ff-e69a00dd372b", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.30-tuxcare.4 of org.springframework:spring-jms. already_fixed \u2014 The target repository Spring Framework 5.3.30-tuxcare.3 already contains both fixes for CVE-2026-41840. The identical patches were previously backported by TuxCare as part of CVE-2026-22740 (commits 1a619adbfb and ee9443b0bc, merged May 2026). Both doOnDiscard handlers are present in the current code: PartGenerator.java releases data buffers on discard, and MultipartHttpMessageReader.java delet..." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a4d1885f-4cf6-5ad5-866d-d1415a53f393", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.30-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:7d9daef7-994a-533c-a5cf-4fa204db8631", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.30-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:589348d9-cfe6-52f2-a537-db6b0f296e4a", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.30-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:7367b086-7700-582c-b0ae-cd306f7a458a", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.30-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:726ac231-4f1a-589c-9fd5-9603a47dc609", "id": "CVE-2026-41845", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41845 is fixed in version 5.3.30-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:30ad8d43-1a1d-5192-b64a-698d05cfc3ba", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.30-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d593fbed-b120-581d-82cf-0928f73d532e", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.30-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:abc04470-c983-5d0d-83e4-9ac86832846a", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.30-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:16b077a6-b5ab-5a39-859f-76c2ab541046", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.30-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a8fb720b-1030-5e63-9b1b-45cbe593cfef", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.30-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d10078dd-8d6f-5dd8-9d9c-5d7ff01c1d8b", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.30-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:7781070a-44ab-5b70-a417-37b5636c796f", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.30-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:75c553f5-40d9-5f5f-9013-552dc3b1b9db", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.30-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.30-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:0e572b45-33d2-59ca-b0a3-b6a24d0d4800", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.30-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.30-tuxcare.4" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.30-tuxcare.4" } ] }