{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:9f5f3978-99f3-5696-8a81-46d2951969f7", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-jms@5.3.37-tuxcare.7", "type": "library", "group": "org.springframework", "name": "spring-jms", "version": "5.3.37-tuxcare.7", "purl": "pkg:maven/org.springframework/spring-jms@5.3.37-tuxcare.7" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:4f3d3df9-c2b3-57aa-84c9-4e97ec2bb41b", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.37-tuxcare.7 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:b5bfd730-b5dd-56e7-a23f-6c90a2272533", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.37-tuxcare.7 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:1587afb4-c667-544a-bb29-99e318b524ec", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.37-tuxcare.7 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:0c6c204b-ca1f-53c0-9abe-6678bee9effb", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.37-tuxcare.7 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:24ee3958-6397-5146-9309-646a44116634", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.37-tuxcare.7 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:25f9c41f-f343-5216-b0ab-3f2fa412c8b1", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.37-tuxcare.7 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:47bbc554-82a6-5906-94d3-0b181497f31f", "id": "CVE-2024-38828", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38828 affects version 5.3.37-tuxcare.7 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:f340cabc-a652-53f1-95d7-7ded37ee92c7", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.37-tuxcare.7 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:7a8c7cce-86c0-51e4-b53d-52e5a216a5b6", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 5.3.37-tuxcare.7 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:c740a9d8-9a48-50e9-88c0-deb390e7f6d3", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.37-tuxcare.7 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:734b728d-7c16-5268-b1f7-7a8b2a9f2838", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 5.3.37-tuxcare.7 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:599a8071-4bd5-5a99-9967-6db88a6674cf", "id": "CVE-2026-22735", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22735 is fixed in version 5.3.37-tuxcare.7 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:d4a8d3f3-4cfa-5040-b46f-f4e05857f24a", "id": "CVE-2026-22737", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22737 is fixed in version 5.3.37-tuxcare.7 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:0c38fc33-7df0-5fb4-936a-b4b4683f7ae4", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.37-tuxcare.7 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:3394bc3b-5753-5048-8383-f01e9c51b2c4", "id": "CVE-2026-22741", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22741 is fixed in version 5.3.37-tuxcare.7 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:7c4876e1-ffd4-5f25-8851-cb8fcbfba7cf", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 5.3.37-tuxcare.7 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:1e44fc69-dd34-5673-a62c-042df47981a3", "id": "CVE-2026-41838", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41838 is fixed in version 5.3.37-tuxcare.7 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:d52a63e9-7164-53a0-87c3-f57afe9e8208", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.37-tuxcare.7 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:c6375de5-4a32-5dc4-a8ea-15c4dd88603c", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.37-tuxcare.7 of org.springframework:spring-jms. already_fixed \u2014 The target repository (Spring Framework 5.3.37-tuxcare.6) already contains both fixes for CVE-2026-41840. The fixes were backported on June 8, 2026 via commit 648b33d0a3 as part of CVE-2026-22740 remediation, which addresses the same multipart memory leak vulnerability." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:67cf4128-5cee-5ee2-9b9c-8f7ec23ca99b", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.37-tuxcare.7 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:190e0c6e-a7a2-5cb1-bb88-ab8293d49280", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.37-tuxcare.7 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:9299b980-63da-576b-947f-187d1fefcb5b", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.37-tuxcare.7 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:fd976511-1964-544a-9d95-fb5cfcd87d7d", "id": "CVE-2026-41844", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41844 is fixed in version 5.3.37-tuxcare.7 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:35a4c65b-446f-59f6-ade3-4828e072a26b", "id": "CVE-2026-41845", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41845 is fixed in version 5.3.37-tuxcare.7 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:3a3d67b4-a12b-572e-b5c7-b14ef523d5ad", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.37-tuxcare.7 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:f711daad-3a15-57b1-bf08-718f74607c7a", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.37-tuxcare.7 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:5ffcff3e-51c5-5f86-ad8b-bf4443fc9b8d", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.37-tuxcare.7 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:8027ee09-e19c-5811-8308-45a732a8358d", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.37-tuxcare.7 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:3ff082bd-5c5b-5afc-90a6-67e0346c86c4", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.37-tuxcare.7 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:3c428b44-24c0-5e53-b292-2acf10aecfe8", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.37-tuxcare.7 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:73b04ee1-a6e8-5907-8bbb-d1cc065526c8", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.37-tuxcare.7 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:40f03de6-a2c5-5e30-badc-868309d9bfda", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.37-tuxcare.7 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:766d2600-722e-5135-8fd2-a77bfffd6ffe", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.37-tuxcare.7 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.37-tuxcare.7" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-jms@5.3.37-tuxcare.7" } ] }