{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:640997e8-12d5-56bc-86a2-196c3dfbacae", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-messaging@5.1.20.RELEASE-tuxcare.2", "type": "library", "group": "org.springframework", "name": "spring-messaging", "version": "5.1.20.RELEASE-tuxcare.2", "purl": "pkg:maven/org.springframework/spring-messaging@5.1.20.RELEASE-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:df8ea1ca-b5f4-55d0-9860-7b2f4d28fd39", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6df2e67b-75c0-5b46-a32b-5755b68ed50c", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:94ccb34d-28ef-5c8a-bb2b-da3ab6642a32", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:bc7c9986-7191-530c-baf0-939aa37f2114", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:88a08d96-576c-57b7-8fcf-881d9ffc4329", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:65cf1fcd-932f-56f8-90a4-2aabeddc21f1", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e731af78-5891-526c-bf2e-41fa8cf3e742", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7af9cbf2-0bb4-5db4-80f5-cac4e3f4aeb9", "id": "CVE-2022-22970", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22970 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:28ca7b71-6041-5dbc-85a1-03458761228f", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fb44887f-a6d3-5e58-851e-412fc17d3188", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2a9be437-d32d-56ee-a655-3ba868a401d6", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:df034645-f09b-5071-aedb-5bc64bf25df3", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:aa736e36-fdef-5594-a3df-bf8af4dd2d27", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:cc00da52-1581-506a-ba9f-047639e26833", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2386b7bb-9374-5d3d-b7c8-4a6454fed811", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:98ace39d-39ca-5717-8780-ea6323618530", "id": "CVE-2024-38809", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2024-38809 is a false positive for org.springframework:spring-messaging 5.1.20.RELEASE-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:259a4f62-270d-5411-93bb-cba7195e1cde", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a14c70b9-d206-5244-a467-4a4f97b6b400", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b2dba322-01e8-5555-8783-2c6bd349ec47", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ec5886bd-8733-5ae0-b9c7-02f86970baa6", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4e979566-72f3-5f46-aefd-a04765da12ca", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fa414bca-48b9-5f51-8055-d66265b67f7a", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6bc6ac8b-f0ab-58c6-bf16-5a01bdf2b2ee", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:818780c3-9800-512a-af48-1831185ef1be", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d64b083b-ed48-5119-9f3f-47ba973b82ac", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:79552456-b77e-55ee-9254-e71a774a2048", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f2c19c39-1ba1-5a7c-be37-b7ece295c1f9", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:67f458e9-d60f-584b-9a48-886dd267c761", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-messaging. not_affected \u2014 Spring Framework version 5.1.20.RELEASE-tuxcare.2 is NOT affected by CVE-2026-41840. The target predates the vulnerable architecture (PartGenerator/MultipartParser) introduced in Spring 5.3.0 and uses a fundamentally different multipart parsing implementation (Synchronoss NIO Multipart library)." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:57d6410f-8eb3-5454-9c10-0e78d9dd4c03", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c76af795-282e-5b97-91c8-db4d17131edc", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fb1994fa-64d0-554a-b0a0-8a7e17e6ada7", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3676f97e-ed0e-5183-8219-3a48e01528e2", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0e649881-0fee-5403-a521-0060be23ba95", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:29a2a06f-7ee1-5c5b-888b-e2964ac2492d", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0d8d17e2-3891-59a6-81e2-f7a74542afed", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:63d80cf7-75a7-5116-9d3b-01efc51dd9db", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:69f9cfbf-c337-5d67-8e6d-e001ec7ccd80", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6c554817-c9c3-51ec-b7fa-2c12edd53ba4", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3161a25a-6b76-5d8a-8894-44b67af3d889", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ad6044fa-d2ab-5be5-adf2-1b0129c5c807", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:64245d03-f250-53cb-bf7a-c4b61fa8114e", "id": "CVE-2026-41853", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41853 does not affect version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-messaging. not_affected \u2014 Spring Framework version 5.1.20 is not affected by CVE-2026-41853. The vulnerability affects versions 5.3.0 and later, where a new native multipart parser (DefaultPartHttpMessageReader) was introduced. Version 5.1.20 uses different multipart parsing implementations that do not contain the vulnerable code." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:63f7c8f5-8d60-51d5-9f21-0c173d826c8d", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.1.20.RELEASE-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.1.20.RELEASE-tuxcare.2" } ] }