{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:7a16635c-072a-55cd-864e-9ff11fe9b300", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-jms@6.1.20-tuxcare.5", "type": "library", "group": "org.springframework", "name": "spring-jms", "version": "6.1.20-tuxcare.5", "purl": "pkg:maven/org.springframework/spring-jms@6.1.20-tuxcare.5" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:81d881be-c872-5d37-974a-ad6955290d65", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 6.1.20-tuxcare.5 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:c181d188-4990-5669-8e42-cad38d359fee", "id": "CVE-2025-41234", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41234 is fixed in version 6.1.20-tuxcare.5 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:a82fc2fd-d589-51ec-9988-72ace3362862", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 6.1.20-tuxcare.5 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:13523970-2fa1-5dd7-90b4-ad788eb828e1", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 6.1.20-tuxcare.5 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:507d5313-46d3-599c-a596-28d19fbde200", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 6.1.20-tuxcare.5 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:1bdbeaf9-6672-5310-becc-9973e7cf4fc6", "id": "CVE-2026-22735", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22735 is fixed in version 6.1.20-tuxcare.5 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:6809aad2-eeac-5473-b145-5c31f82d64d3", "id": "CVE-2026-22737", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22737 is fixed in version 6.1.20-tuxcare.5 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:ac404390-9560-5070-badc-5b47e13673d6", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 6.1.20-tuxcare.5 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:fef8b59a-232e-535f-9d27-d27b5ffda90f", "id": "CVE-2026-22741", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22741 is fixed in version 6.1.20-tuxcare.5 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:36f988b2-7a34-571c-b450-2edb14d7bb21", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 6.1.20-tuxcare.5 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:c572c586-7086-5def-adb9-61711f4355bb", "id": "CVE-2026-41838", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41838 is fixed in version 6.1.20-tuxcare.5 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:1ea8148a-4376-5c39-b502-12f892836c32", "id": "CVE-2026-41839", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41839 is fixed in version 6.1.20-tuxcare.5 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:5dfa82e8-f0ad-5044-a0c7-53c12bf48093", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 6.1.20-tuxcare.5 of org.springframework:spring-jms. already_fixed \u2014 Spring Framework 6.1.20-tuxcare.4 already contains both doOnDiscard handlers that prevent the multipart memory leak vulnerability. The fixes were applied via TuxCare backport commit a6b78f2a1c on May 19, 2026 under CVE-2026-22740, which appears to be the same or closely related vulnerability as CVE-2026-41840." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:68c40f82-29e4-5bef-8070-6c4e0502632d", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 6.1.20-tuxcare.5 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:e7028c0c-aa42-5689-aa49-42b94da4e8b2", "id": "CVE-2026-41842", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41842 is fixed in version 6.1.20-tuxcare.5 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:c1faf7c5-6b0e-55f3-be0d-1e9f64e1c09f", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 6.1.20-tuxcare.5 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:d33c34b4-0c4d-578b-a729-1de4fcab8422", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 6.1.20-tuxcare.5 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:9bf2cb8f-badc-5ee6-83be-32a7a7ed53ea", "id": "CVE-2026-41845", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41845 is fixed in version 6.1.20-tuxcare.5 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:30bb73e5-ddaa-5879-a444-fe85385fe8d0", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 6.1.20-tuxcare.5 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:d90f3d3f-84d0-55cc-8d5d-53e926f147c6", "id": "CVE-2026-41848", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41848 is fixed in version 6.1.20-tuxcare.5 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:ff536ba8-d784-5b67-8113-1f26594dd1fe", "id": "CVE-2026-41850", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41850 is fixed in version 6.1.20-tuxcare.5 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:f32a0696-6580-5c98-8d6a-bdd9d2f812d9", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 6.1.20-tuxcare.5 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:e2896299-2867-5673-88e2-6488e11c8284", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 6.1.20-tuxcare.5 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:1df76915-130a-5d53-85c5-6871edd3da79", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 6.1.20-tuxcare.5 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.20-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:4effd719-f186-5106-bf59-2eac4478ae2f", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 6.1.20-tuxcare.5 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.20-tuxcare.5" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.20-tuxcare.5" } ] }