{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:d61a26b8-8f7b-559e-a760-1985b1a62972", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-messaging@5.3.37-tuxcare.5", "type": "library", "group": "org.springframework", "name": "spring-messaging", "version": "5.3.37-tuxcare.5", "purl": "pkg:maven/org.springframework/spring-messaging@5.3.37-tuxcare.5" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:5c73df2d-fd27-5a69-9bf9-c67d57c482a3", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.37-tuxcare.5 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:73e062b9-6073-5531-87e2-84923c1daed3", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.37-tuxcare.5 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:0e94f25f-ebf4-57d9-a40b-58ebfdac9213", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.37-tuxcare.5 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:824c9033-c8b3-5d0b-bc58-e9cc012166e7", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.37-tuxcare.5 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:7f797b71-8bef-50f1-9942-0e9615dff542", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.3.37-tuxcare.5 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:a51a05c0-fc60-593d-b802-10b1a9f80bd2", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.37-tuxcare.5 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:ff49aa7e-dcec-5dcf-aba1-56dc427584dc", "id": "CVE-2024-38828", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38828 affects version 5.3.37-tuxcare.5 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:285cc198-fe7a-5ba1-a987-84c26d67056a", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.37-tuxcare.5 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:5b7b8e41-b907-596c-bb02-42dc2269ba6e", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 5.3.37-tuxcare.5 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:e5681499-7c9e-56cb-a7f7-acbf0deb7dd7", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.37-tuxcare.5 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:6a204699-3b40-55ec-b7b8-e983a8c5ddfe", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 5.3.37-tuxcare.5 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:5d7662ba-0a1b-578c-967c-d1fc0bcc8a17", "id": "CVE-2026-22735", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22735 is fixed in version 5.3.37-tuxcare.5 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:610f59b8-2229-55b9-803b-ab02f4b8c190", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.37-tuxcare.5 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:d745e408-a808-5e2b-af7e-9afbdc27e362", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.37-tuxcare.5 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:029f72cf-6c1d-5ee6-a690-b887bb1ec422", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.37-tuxcare.5 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:0a45bf59-b907-5bdd-bbd0-5f7f57a03a59", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.37-tuxcare.5 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:194b47fd-a7bb-5096-b241-eee1c6352dd2", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.37-tuxcare.5 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:c79213ec-b661-50c3-a453-52a6562369a6", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.37-tuxcare.5 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:78309a51-2be3-52d2-b46e-190fd1acafd7", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.37-tuxcare.5 of org.springframework:spring-messaging. already_fixed \u2014 The target repository (Spring Framework 5.3.37-tuxcare.6) already contains both fixes for CVE-2026-41840. The fixes were backported on June 8, 2026 via commit 648b33d0a3 as part of CVE-2026-22740 remediation, which addresses the same multipart memory leak vulnerability." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:3ce416f4-74e4-50fd-af2a-842e9ede9116", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.37-tuxcare.5 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:30d01892-62ee-5fec-8531-be270ed39c44", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.37-tuxcare.5 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:9d0d1911-bb23-5f98-b2de-704077f6bbe2", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.37-tuxcare.5 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:21741599-e04c-5fd0-b78f-ab21849ca653", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.37-tuxcare.5 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:82eea477-a74a-5399-99a0-3f3a9a277d6c", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.37-tuxcare.5 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:d66df4dd-07ea-5912-ae17-93e67e1b70e2", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.37-tuxcare.5 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:9ff088e6-f9fb-5355-803e-b39d2e57b0a4", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.37-tuxcare.5 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:1252b89d-9a54-5f40-9abf-ac248c8842a2", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.37-tuxcare.5 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:2aee21d0-9d2e-5fa0-ac87-e1c7ff8ada2b", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.37-tuxcare.5 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:62a8af49-975a-5235-aac1-363138fb055e", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.37-tuxcare.5 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:c0fd4a5a-9179-573a-9619-e91fdaf4efa6", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.37-tuxcare.5 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:7568d4e1-bb70-5704-b805-790697de5262", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.37-tuxcare.5 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:bde692f2-16a1-5aa4-8ffd-9104e5cb7317", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.37-tuxcare.5 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:d3864b32-7350-51a4-a4ee-cf748964d0a8", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.37-tuxcare.5 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.37-tuxcare.5" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.37-tuxcare.5" } ] }