{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:d47e2cc4-39b3-55ba-ae73-1e0c601e3a1e", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-messaging@5.1.20.RELEASE-tuxcare.1", "type": "library", "group": "org.springframework", "name": "spring-messaging", "version": "5.1.20.RELEASE-tuxcare.1", "purl": "pkg:maven/org.springframework/spring-messaging@5.1.20.RELEASE-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:f049fa27-3c52-5867-aab0-d430355e9c82", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c574bd12-8e59-59f6-aa0e-c9f140c69a1b", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9f859856-6a30-527b-bdf6-b03168044412", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ba18c817-d245-584d-9ae7-c41ecb386de6", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b7875997-72c3-5987-8925-2eaa225cae65", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e006b5d4-21d1-5471-9a44-6f4b4e7f2c81", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:cfd894ae-e00a-5c53-8fea-d0b805151bb3", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:aacd7c69-d05d-50c6-b554-ae6586414eea", "id": "CVE-2022-22970", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22970 is fixed in version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e045a6ec-b787-5da3-a39b-38870ccfe977", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d64d7185-213d-5ff9-9b43-4ac1a7385a87", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:78f955d3-73cf-5b52-8ea1-349f11970d2a", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5062294d-1eb8-554c-b45a-f85de0586282", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:37ab5cb4-d7b8-5b77-8725-df48252599ad", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e1dfd4d1-fcb0-54e0-aea2-8265a9b59237", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e205d087-b13a-5727-965f-c99e87c4bac0", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c57bbb6d-a23d-5398-b5f2-cabcacd0297f", "id": "CVE-2024-38809", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2024-38809 is a false positive for org.springframework:spring-messaging 5.1.20.RELEASE-tuxcare.1." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5615c700-cea3-5710-b5e8-67153bb6149f", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:18767825-d55c-5831-b82e-b8f80f3f5730", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9cefc89e-d2d3-5c91-b0d5-4e51fa00df1d", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:015ce2d4-8f41-52d1-afea-670b6196a71f", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:bfd2619c-a57c-588d-baca-7a11938261fc", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:795618bf-d3ed-5ca9-af63-55b0a0aa0c9f", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:807a87c3-5332-5425-99df-961473652c42", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9d2f681b-a3c7-56d0-af3a-f5a836b57a27", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:731027fe-e208-575c-9018-d7d25ee0dc80", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.1.20.RELEASE-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.1.20.RELEASE-tuxcare.1" } ] }