{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:0998ae7e-9706-5544-8756-3e5276016964", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-jms@5.3.37-tuxcare.5", "type": "library", "group": "org.springframework", "name": "spring-jms", "version": "5.3.37-tuxcare.5", "purl": "pkg:maven/org.springframework/spring-jms@5.3.37-tuxcare.5" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:43517b12-7094-56ca-b8f8-7ff39bea20cd", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.37-tuxcare.5 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:e2c7fa4c-de6a-5451-af44-6b5ffbe739e9", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.37-tuxcare.5 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:9016582e-dce3-54e5-b278-1efff63da835", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.37-tuxcare.5 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:6170d980-68cc-5036-9f6c-ed9412c0ca67", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.37-tuxcare.5 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:68ad6a5d-f397-5bf7-8a45-cf58c1507fed", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.3.37-tuxcare.5 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:83b6709b-5bb6-5c8b-9d10-b722ee24baae", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.37-tuxcare.5 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:e5ae67ee-3d8f-5a85-a20b-b0d777b7d3fe", "id": "CVE-2024-38828", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38828 affects version 5.3.37-tuxcare.5 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:83fdfa39-7047-59ec-a023-4711a8fb36fc", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.37-tuxcare.5 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:e8d870ab-7d97-5b4c-aac8-4d4ff426e9ad", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 5.3.37-tuxcare.5 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:5c351764-a85f-5679-9844-f0d05ade4da9", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.37-tuxcare.5 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:a0b0d253-cf5a-5f5b-ab5c-f7467754e08d", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 5.3.37-tuxcare.5 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:7e22a3d3-9809-51f4-8cc7-1e10fa10e861", "id": "CVE-2026-22735", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22735 is fixed in version 5.3.37-tuxcare.5 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:e1fa8bdd-0815-5969-8433-05ea53bd21ab", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.37-tuxcare.5 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:54aa5072-abc1-5b6b-b13a-e0da3189d1bd", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.37-tuxcare.5 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:10bd8853-5c19-5c6f-b41f-ba0ace796745", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.37-tuxcare.5 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:810d14a6-3dd8-55f0-90a2-a93add1d5d9e", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.37-tuxcare.5 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:83f3658a-4809-5a35-98cc-cfa94b3dfca4", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.37-tuxcare.5 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:4a837a15-94f1-5050-9ff7-d34557dc71f1", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.37-tuxcare.5 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:fde75b01-a7fe-5fd6-9aa1-f891bcefa405", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.37-tuxcare.5 of org.springframework:spring-jms. already_fixed \u2014 The target repository (Spring Framework 5.3.37-tuxcare.6) already contains both fixes for CVE-2026-41840. The fixes were backported on June 8, 2026 via commit 648b33d0a3 as part of CVE-2026-22740 remediation, which addresses the same multipart memory leak vulnerability." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:b53da183-3c37-5efa-bc29-c713c0bb0e3f", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.37-tuxcare.5 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:b6d23832-96da-5422-b1b2-765bf2ee439e", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.37-tuxcare.5 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:93d55e29-d728-5aab-b0ec-8f849a630015", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.37-tuxcare.5 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:70acb182-01bc-56fa-97a4-a9cd0018bd5e", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.37-tuxcare.5 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:22ec9976-60ac-5198-845c-fbb64d3e1c8f", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.37-tuxcare.5 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:18765416-1871-5628-b6d4-9db65ee073c3", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.37-tuxcare.5 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:cf500c01-72e4-5af4-99d0-6430fdc5de7e", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.37-tuxcare.5 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:fc9f1063-8717-5802-9b5f-4e88fc475d31", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.37-tuxcare.5 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:71c4aba6-5bb5-5aef-b40b-5f0219611f37", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.37-tuxcare.5 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:2d1a17bd-0b41-514b-a89d-e31e601ff058", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.37-tuxcare.5 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:8e01778e-cdfe-57dd-83c3-996f924f14ef", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.37-tuxcare.5 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:ffb412ec-6ccd-5678-8941-ceeb5cddd506", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.37-tuxcare.5 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:ce44ec6b-24ee-5bbc-ba65-f50c1ba937f6", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.37-tuxcare.5 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:9c9d7ca2-fc80-5c27-b55e-02bf710ca5b6", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.37-tuxcare.5 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.37-tuxcare.5" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.37-tuxcare.5" } ] }