{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:1fb2eba4-6988-5ce3-800d-1cbecbc0e2b9", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-jms@5.3.31-tuxcare.4", "type": "library", "group": "org.springframework", "name": "spring-jms", "version": "5.3.31-tuxcare.4", "purl": "pkg:maven/org.springframework/spring-jms@5.3.31-tuxcare.4" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:8e40327a-d841-520a-9e35-bd052c5f36c6", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.31-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:aa916e6e-380c-566e-88fd-df366be5fde9", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:473be5f8-568a-5632-a6b8-b231efe6ffee", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:8b4d42a0-cf01-5b70-a37b-6786b000241e", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:21149207-8100-506c-ba97-9e155c846f26", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:1671e712-d9a4-5a4e-954a-04588e2cd1fa", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:66506486-3b0c-5bf7-b595-da87953a4cac", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:6965e8a3-4668-5699-8cd8-5649e8cf1b65", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:0e8dbd00-9d84-54ce-b9fa-2c24584f1a87", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:19ca4670-d623-5d0c-acfc-b8086f47c83c", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:13d2a1e6-bf5d-5492-95c7-c859173a6506", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:0903186e-4ca1-51e0-ac9c-d02605030334", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-jms 5.3.31-tuxcare.4." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c69240c2-5fa3-52a8-9859-c02245d86688", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:32f3df08-04f0-586b-b9ce-18dfcad770be", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b008b174-8834-529d-a6f4-904db4117c58", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e1690581-ff39-5086-b762-05e2dbe18260", "id": "CVE-2026-22735", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22735 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:6ee9b70c-60a4-5df5-a7f7-34357be57aee", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.31-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:22012643-a66b-5451-9849-941a5542be3c", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:1dbb5c9d-8129-5a59-ba78-e072534c4fe4", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.31-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a6827dab-af87-5fd3-ad75-7e34b6d693f6", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:cc39e9f0-74d8-5262-b7e7-a34e63060dae", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.31-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:15c1315b-2ffd-5bb5-ac5a-b54cb6cb5fe6", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.31-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:f129848b-1565-5c7a-8335-448cac221dfa", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.31-tuxcare.4 of org.springframework:spring-jms. already_fixed \u2014 The target repository (Spring Framework 5.3.31-tuxcare.3) already contains the complete fix for CVE-2026-41840. Both required doOnDiscard handlers were applied via commit 615477c88f (labeled as CVE-2026-22740 backport) merged on May 4, 2026. The code changes are byte-for-byte identical to the upstream patches." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:bae573e5-67a5-5176-8d89-919a5c2f0377", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.31-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c6c506e6-c307-5f9f-95a3-4a6326311a10", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.31-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:31b59f4e-3e44-50ee-83f0-ee0b71b51a91", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.31-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a4008034-1d12-54af-a159-0b86d14637dd", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.31-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:51bf057b-c0e9-5408-864d-d1cae99c983c", "id": "CVE-2026-41845", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41845 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:4d89a899-3940-584a-adb9-4329978dcc2c", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.31-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:77d94575-c186-5097-9a1e-68aafdef2021", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.31-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:3c79db3e-8279-5f2a-93e6-5aa5ba485ac6", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.31-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:721502a8-b480-5019-87b5-18d640636d90", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.31-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e19a782a-49a8-5f13-aa3a-c64eac5e3b58", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.31-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:69ce0a20-11b7-52bc-b00a-6fd79b857c72", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.31-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:8b09c96f-bb78-5d69-83e0-9cb48d8d82aa", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.31-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:da2cbe54-72ba-509a-bfa6-1a38bb7b66d8", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.31-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:0e8e86be-bf4d-5c81-a1c9-260f938d3a4a", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.31-tuxcare.4 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.31-tuxcare.4" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.31-tuxcare.4" } ] }