{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:a764ee20-5a6e-593d-a292-792d1106319d", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-jms@5.3.37-tuxcare.6", "type": "library", "group": "org.springframework", "name": "spring-jms", "version": "5.3.37-tuxcare.6", "purl": "pkg:maven/org.springframework/spring-jms@5.3.37-tuxcare.6" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:d3bb4f49-005e-5b85-ac0d-bfc2b2dc35ff", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.37-tuxcare.6 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:a27c823f-778a-541d-8c27-9d919f06ee9e", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.37-tuxcare.6 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:1023d7d5-21d0-59a2-a7b1-3bbbf38aa0f1", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.37-tuxcare.6 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:be8afec3-70fd-5f41-9cab-40ad81c2b23d", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.37-tuxcare.6 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:5abf4d9f-dcc4-5e2a-a666-bf6721331dcd", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.37-tuxcare.6 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:7d736458-a371-5b11-98ab-8366f762aa34", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.37-tuxcare.6 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:badd753b-61a2-54b9-9fa3-2019db83d631", "id": "CVE-2024-38828", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38828 affects version 5.3.37-tuxcare.6 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:9da85b81-3f3d-54dc-9f51-541f5de776b8", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.37-tuxcare.6 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:c9fd8075-377b-5fae-82a0-12085edc52b5", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 5.3.37-tuxcare.6 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:8f853913-c40d-596e-82ca-45a93e248f1e", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.37-tuxcare.6 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:0da1d019-9467-53c4-acad-80df6d5c76a4", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 5.3.37-tuxcare.6 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:e114591e-facd-5693-95cc-be919be7e956", "id": "CVE-2026-22735", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22735 is fixed in version 5.3.37-tuxcare.6 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:6115b87e-7e3b-5118-9d38-469c9313d186", "id": "CVE-2026-22737", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22737 is fixed in version 5.3.37-tuxcare.6 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:5f7622df-ce9a-5dbe-9195-79b4b578aa87", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.37-tuxcare.6 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:f8a7ffd0-280b-59b9-8787-1a9971656068", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.37-tuxcare.6 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:e17069f7-cd38-5489-890a-f6a8907dfbb3", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 5.3.37-tuxcare.6 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:5a8ae597-ac49-50e6-a2c7-517e173490d7", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.37-tuxcare.6 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:33115eb3-2aba-53ee-8937-4898bfc324a0", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.37-tuxcare.6 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:42c7b75d-72b6-5285-8127-848fae0fd9b0", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.37-tuxcare.6 of org.springframework:spring-jms. already_fixed \u2014 The target repository (Spring Framework 5.3.37-tuxcare.6) already contains both fixes for CVE-2026-41840. The fixes were backported on June 8, 2026 via commit 648b33d0a3 as part of CVE-2026-22740 remediation, which addresses the same multipart memory leak vulnerability." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:f4a2835e-9827-52da-b10a-806a2aeeac92", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.37-tuxcare.6 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:d08fe795-99bd-5971-9466-e25b49390af6", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.37-tuxcare.6 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:accc4bf5-61d8-5d72-ae81-683c8bd68d43", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.37-tuxcare.6 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:96c8b5a4-4170-5d6e-ab78-fa0eea076aac", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.37-tuxcare.6 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:43170598-aaf2-58d9-9e0e-278a3bd4506d", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.37-tuxcare.6 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:c32fc436-c0bb-5543-86bf-f9208714b80d", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.37-tuxcare.6 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:0d847c94-aa47-5075-9d7d-c3804246cb78", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.37-tuxcare.6 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:d66c531f-581c-50d8-a5ce-554d4d1449ed", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.37-tuxcare.6 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:3f80f3f7-659e-54ec-bf82-820fc049dfe7", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.37-tuxcare.6 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:c597d2d1-fc87-59cd-999e-ce19b96f91fe", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.37-tuxcare.6 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:f9cce1aa-d4f3-5897-bedc-2011d3d43791", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.37-tuxcare.6 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:10c29923-140a-5633-a4d8-a029c3f3eaa4", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.37-tuxcare.6 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:da94ce82-118a-585f-9098-3c2bc9e7cb13", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.37-tuxcare.6 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.37-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:c335d4a0-8027-535c-b865-56e487afc4ad", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.37-tuxcare.6 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.37-tuxcare.6" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.37-tuxcare.6" } ] }