{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:16e00215-5cd3-5d24-81b8-a454dd8b0eae", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-jms@6.1.21-tuxcare.7", "type": "library", "group": "org.springframework", "name": "spring-jms", "version": "6.1.21-tuxcare.7", "purl": "pkg:maven/org.springframework/spring-jms@6.1.21-tuxcare.7" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:41393e8f-a76e-52b7-bdf3-c0ffb015ab7d", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 6.1.21-tuxcare.7 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:fa0ba7dd-fbea-54f2-8166-ed1f8451e8ff", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 6.1.21-tuxcare.7 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:e8b8de12-cd91-5a35-993c-88f801748bc9", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 6.1.21-tuxcare.7 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:da753482-81a4-5173-bd2c-be8d488b4ee0", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 6.1.21-tuxcare.7 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:1a2e04ab-2af6-5257-8b62-5be1d007269d", "id": "CVE-2026-22735", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22735 is fixed in version 6.1.21-tuxcare.7 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:a1259f16-ee7e-541b-8de8-32e91898a5b7", "id": "CVE-2026-22737", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22737 is fixed in version 6.1.21-tuxcare.7 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:e4364eee-c365-5d2f-9c57-2ca1f8b425a3", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 6.1.21-tuxcare.7 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:27dba37b-6f4b-5f96-8fb5-825423099ccd", "id": "CVE-2026-22741", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22741 is fixed in version 6.1.21-tuxcare.7 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:bf8f4475-45f9-5a7f-9a8d-c3d8d61e6edd", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 6.1.21-tuxcare.7 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:9674a714-a3cd-505c-819a-bef430724978", "id": "CVE-2026-41838", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41838 is fixed in version 6.1.21-tuxcare.7 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:ceb30337-c27f-59c7-9553-a0c270278a31", "id": "CVE-2026-41839", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41839 is fixed in version 6.1.21-tuxcare.7 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:07a7c0a9-8de2-5d59-851b-2da5b0a86c45", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 6.1.21-tuxcare.7 of org.springframework:spring-jms. already_fixed \u2014 The target repository (Spring Framework 6.1.21-tuxcare.6) already contains both upstream patches that address CVE-2026-41840. The fixes were previously applied as part of TuxCare backports for CVE-2026-22740 (commit d8aa04a97f, 2026-06-08) and memory leak fixes (commit e7c90921fd, 2026-04-29). Both doOnDiscard handlers are present in the current code, preventing resource exhaustion from multipa..." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:a1b52b8e-ec86-5aa4-bac4-4dc6f6369b87", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 6.1.21-tuxcare.7 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:a4d2ec87-4be4-565c-8b57-ce9fcb911e97", "id": "CVE-2026-41842", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41842 is fixed in version 6.1.21-tuxcare.7 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:59301d05-c005-5041-9a24-ebc3d2ba58a2", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 6.1.21-tuxcare.7 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:a286061a-289d-512e-813e-9b1c2e180382", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 6.1.21-tuxcare.7 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:94adc612-7a47-5825-bc6e-ff6ce69befb4", "id": "CVE-2026-41845", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41845 is fixed in version 6.1.21-tuxcare.7 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:bbf53e07-4b7b-55cd-8442-051ca51bb577", "id": "CVE-2026-41846", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41846 is fixed in version 6.1.21-tuxcare.7 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:57af4ca7-e71e-5172-a6f0-49498ac1769a", "id": "CVE-2026-41848", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41848 is fixed in version 6.1.21-tuxcare.7 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:c398e0f1-d8ad-5fed-bd43-d617ba085b93", "id": "CVE-2026-41850", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41850 is fixed in version 6.1.21-tuxcare.7 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:d3a1cc09-6bdd-5b72-b783-d3545ed1c4b2", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 6.1.21-tuxcare.7 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:9ce8adbf-bdd6-5cc0-91f0-d96693e6d01b", "id": "CVE-2026-41852", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41852 is fixed in version 6.1.21-tuxcare.7 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:47dee1b1-9880-530d-9e90-ef5836693bd4", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 6.1.21-tuxcare.7 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:1dd9a09a-9536-5851-a372-babd44c0ca50", "id": "CVE-2026-41855", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41855 is fixed in version 6.1.21-tuxcare.7 of org.springframework:spring-jms." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.21-tuxcare.7" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-jms@6.1.21-tuxcare.7" } ] }