{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:cdae6e43-3ef5-5bae-b58c-02202eaf545a", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-jms@5.3.31-tuxcare.5", "type": "library", "group": "org.springframework", "name": "spring-jms", "version": "5.3.31-tuxcare.5", "purl": "pkg:maven/org.springframework/spring-jms@5.3.31-tuxcare.5" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:f84b38c7-4131-57c0-802b-083b72273fcc", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.31-tuxcare.5 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:1267a789-ea68-5f55-8940-ad25d454c2dc", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:3edc43f5-9267-5863-a45f-fc5f26f98975", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:5a82c43d-27e9-55c1-908b-f22253fc4e07", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:96f7c56a-f5d5-5739-bf77-552d9573d88a", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:615e5f83-5a43-5d14-a2ad-0629b81bf8d9", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:6ab3213f-9cac-5da3-8e78-7e7a3d44999b", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:86a09892-a68c-53b3-b38d-63e8e41eaa98", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:f151b0f5-6a6b-5b7f-92fd-f1b6e7e54adc", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:25a73b42-b036-59ab-99a0-e6e0d0df3943", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:d6ba0b4b-d1e0-572f-bbc1-b7de4ca6e30d", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:676a5385-68cb-5fb4-a381-848619a16d0c", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-jms 5.3.31-tuxcare.5." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:47e5e4e3-c3c2-5453-bb63-514152accd04", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:e1b9c510-e7f5-56af-b9b4-064d5bee1eca", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:ba154a6f-94d8-552c-9bff-6671106cf91f", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:358fa0c1-743b-5e83-8588-ade7e75b4194", "id": "CVE-2026-22735", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22735 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:43d8fc3d-a6f3-5953-9ef5-e2961b5a1292", "id": "CVE-2026-22737", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22737 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:f33d628e-8a58-5b92-852e-c1850fac8508", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:1bb9b29b-885d-5ab2-90b7-6279d888ca77", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.31-tuxcare.5 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:ecdbc755-3f6e-5ed1-9dce-a68f658b8c83", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:f4fd5d84-9738-5fe7-a50a-f99dfa385a5a", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.31-tuxcare.5 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:00341343-3757-5308-b579-d956b5225fb3", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.31-tuxcare.5 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:e15effeb-fd98-5a7f-a1fb-d31f61ca7ef6", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.31-tuxcare.5 of org.springframework:spring-jms. already_fixed \u2014 The target repository (Spring Framework 5.3.31-tuxcare.3) already contains the complete fix for CVE-2026-41840. Both required doOnDiscard handlers were applied via commit 615477c88f (labeled as CVE-2026-22740 backport) merged on May 4, 2026. The code changes are byte-for-byte identical to the upstream patches." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:2ea48425-67b4-5a20-aca2-ee4c574ac579", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.31-tuxcare.5 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:a3f81eb1-a1a5-5b89-89e3-bc34b9a95e1d", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.31-tuxcare.5 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:88df69a9-1127-5000-9129-e4a040fc8169", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.31-tuxcare.5 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:54e0b4bd-ee19-5eb0-9354-34f79033adfb", "id": "CVE-2026-41844", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41844 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:3abd4bc2-2c1c-5855-b1e9-601db5ebc0a7", "id": "CVE-2026-41845", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41845 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:be6200a1-1537-5b30-b5db-47dc573e2fa4", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.31-tuxcare.5 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:eb1d5c77-8516-5a25-aa80-be79355e7960", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.31-tuxcare.5 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:072bb90c-c261-5a76-9611-2d0159855a20", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.31-tuxcare.5 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:4de17d26-67c7-58b7-b232-4e20e55827a7", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.31-tuxcare.5 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:274fa0e2-92c1-5594-9271-a8a81af10064", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.31-tuxcare.5 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:7dcc9d8b-394e-5d13-86f9-70cd197f1d63", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.31-tuxcare.5 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:56ec235f-39d8-525f-b104-97f76fd51712", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.31-tuxcare.5 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:5824191c-80ff-5383-9e12-fbcfa91c331f", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.31-tuxcare.5 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:70c6f447-7a88-53e9-8a11-aab946fd9f5f", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.31-tuxcare.5 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.31-tuxcare.5" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.31-tuxcare.5" } ] }