{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:d369af26-7f2b-5d38-87e1-0338b0a1900f", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-messaging@5.3.31-tuxcare.5", "type": "library", "group": "org.springframework", "name": "spring-messaging", "version": "5.3.31-tuxcare.5", "purl": "pkg:maven/org.springframework/spring-messaging@5.3.31-tuxcare.5" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:17f73448-c628-5ceb-8149-aec6b8df10f8", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.31-tuxcare.5 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:a291e47e-c02d-56fd-9553-ec3ff246330f", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:0c33755c-a875-5362-89ba-46f5fc73c7a8", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:844a6e90-9684-57f1-be90-e8510d113fa3", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:657285f0-1d3d-5252-a33d-4fa464de6a95", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:e3652df7-ce1e-5422-ab89-24290013209a", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:0b830445-25e5-52d6-becd-52f6b2a9d367", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:e2f7e26a-126b-5f8c-9f05-29860d6e5459", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:072c2c59-4afa-5d5e-bb11-0ca6c5a98329", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:15aa9f98-aa43-52d2-b6e6-c9846d84f047", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:58a099f6-5049-5ceb-b4e2-48bdff773db0", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:16431511-593f-55e8-aa0a-5e32c4e16937", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-messaging 5.3.31-tuxcare.5." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:13a072a6-46c6-550a-8d10-50979b3e8a46", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:c914eda7-5959-5e96-b969-36fda1f35316", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:f46e5eac-ac49-5948-bd3c-1a4939faabd1", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:4e2e9388-e81c-5062-afe2-ec698fc4b264", "id": "CVE-2026-22735", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22735 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:b029c551-3c99-5c8a-a454-df141f8645aa", "id": "CVE-2026-22737", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22737 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:88245fc6-e6ce-5cc9-b45d-7fee36eff277", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:7ce0f014-3a98-5b38-8573-a352390d31c8", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.31-tuxcare.5 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:a147cfe7-d9f3-558b-acd6-dd24ffc45aeb", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:d0c97854-1e9d-5a0e-915f-145c4e29d26b", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.31-tuxcare.5 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:7d7d92f3-7847-5ed7-8cde-e46b6d056c37", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.31-tuxcare.5 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:4b75f12e-ea14-57a5-9905-92e20d0bf9ff", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.31-tuxcare.5 of org.springframework:spring-messaging. already_fixed \u2014 The target repository (Spring Framework 5.3.31-tuxcare.3) already contains the complete fix for CVE-2026-41840. Both required doOnDiscard handlers were applied via commit 615477c88f (labeled as CVE-2026-22740 backport) merged on May 4, 2026. The code changes are byte-for-byte identical to the upstream patches." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:6e379061-b238-5d1d-a211-80887237168f", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.31-tuxcare.5 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:b1f5f3f8-bfcf-58f9-8597-c7c2d005c37b", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.31-tuxcare.5 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:a99fe0a3-2e5b-5c74-8247-73fc5deb12f5", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.31-tuxcare.5 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:06ddf83a-f29c-53f6-b922-89b89624e7d7", "id": "CVE-2026-41844", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41844 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:e1764fb1-d76a-5227-b00c-03d363864a69", "id": "CVE-2026-41845", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41845 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:9dc57c8c-6d2c-5941-ac83-a9dcc0f9ee6f", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.31-tuxcare.5 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:97b75ce7-f755-5a26-8c7d-8d2e9f4b1668", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.31-tuxcare.5 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:60a10654-ee22-55a2-99ef-dac74ec07bca", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.31-tuxcare.5 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:a3546dba-cfc6-5631-a959-bd9dbec6b80a", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.31-tuxcare.5 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:bb1a88dc-5a62-52a1-af25-6f8417fd2de1", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.31-tuxcare.5 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:c7206bf8-a275-5f0c-af27-a55dffd617aa", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.31-tuxcare.5 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:f99e2684-0795-5bf9-bce4-b9704b15cd46", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.31-tuxcare.5 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:f9393267-ae7d-5bd6-b376-5d3465b6abae", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.31-tuxcare.5 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:df20b06b-726c-5612-9790-9c6c78d3ce6e", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.31-tuxcare.5 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.31-tuxcare.5" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.31-tuxcare.5" } ] }