{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:70e08b12-990d-504c-9751-9410eaee8ea7", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-messaging@5.3.39-tuxcare.14", "type": "library", "group": "org.springframework", "name": "spring-messaging", "version": "5.3.39-tuxcare.14", "purl": "pkg:maven/org.springframework/spring-messaging@5.3.39-tuxcare.14" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:5fcb4124-83b7-5875-977d-6f1fb3d9feef", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.39-tuxcare.14 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.39-tuxcare.14" } ] }, { "bom-ref": "urn:uuid:55695ef8-c949-5f16-86fd-abe377d8aefd", "id": "CVE-2022-22968", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2022-22968 does not affect version 5.3.39-tuxcare.14 of org.springframework:spring-messaging. Spring version 5.3.39 is not affected to CVE-2022-22968 as fix has been already already backported by the original developers" }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.39-tuxcare.14" } ] }, { "bom-ref": "urn:uuid:be1e2014-85c2-54fa-98ec-69a5934aec0a", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.39-tuxcare.14 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.39-tuxcare.14" } ] }, { "bom-ref": "urn:uuid:a4e29b20-896b-5069-adce-52ed5641744b", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.39-tuxcare.14 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.39-tuxcare.14" } ] }, { "bom-ref": "urn:uuid:22cbde53-993c-56da-84a1-f827e409679c", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.39-tuxcare.14 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.39-tuxcare.14" } ] }, { "bom-ref": "urn:uuid:82d0eeca-8270-5689-a086-460b33ec0936", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.39-tuxcare.14 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.39-tuxcare.14" } ] }, { "bom-ref": "urn:uuid:0423958b-1ee8-5887-bc41-b336a801fbc3", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.39-tuxcare.14 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.39-tuxcare.14" } ] }, { "bom-ref": "urn:uuid:8232c047-8c00-5512-b5e2-9528049b4b1d", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-messaging 5.3.39-tuxcare.14." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.39-tuxcare.14" } ] }, { "bom-ref": "urn:uuid:7354d74e-a419-5564-a29f-b6094e7138e7", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.39-tuxcare.14 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.39-tuxcare.14" } ] }, { "bom-ref": "urn:uuid:c8bccae5-b9c2-5d6a-b583-4813eff737b6", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.39-tuxcare.14 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.39-tuxcare.14" } ] }, { "bom-ref": "urn:uuid:68bdf621-4403-5c54-87ac-9ce9f8bd1911", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.39-tuxcare.14 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.39-tuxcare.14" } ] }, { "bom-ref": "urn:uuid:962cb1c1-875e-5b4c-baba-238572e18ee0", "id": "CVE-2026-22735", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22735 is fixed in version 5.3.39-tuxcare.14 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.39-tuxcare.14" } ] }, { "bom-ref": "urn:uuid:8522c119-4dfa-567c-afda-b15f54497b79", "id": "CVE-2026-22737", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22737 is fixed in version 5.3.39-tuxcare.14 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.39-tuxcare.14" } ] }, { "bom-ref": "urn:uuid:751b7d10-ada0-5a33-8d9b-e19f5bed8f38", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.39-tuxcare.14 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.39-tuxcare.14" } ] }, { "bom-ref": "urn:uuid:2e368268-0981-5964-be21-57764e6c51fc", "id": "CVE-2026-22741", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22741 is fixed in version 5.3.39-tuxcare.14 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.39-tuxcare.14" } ] }, { "bom-ref": "urn:uuid:d08edd54-d636-5e81-b8e2-e1aa9ec21f34", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 5.3.39-tuxcare.14 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.39-tuxcare.14" } ] }, { "bom-ref": "urn:uuid:8c691d7e-d9e5-5236-896e-8f87acf042c1", "id": "CVE-2026-41838", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41838 is fixed in version 5.3.39-tuxcare.14 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.39-tuxcare.14" } ] }, { "bom-ref": "urn:uuid:8c517665-ebd8-5e5b-844b-00a1275e4772", "id": "CVE-2026-41839", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41839 is fixed in version 5.3.39-tuxcare.14 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.39-tuxcare.14" } ] }, { "bom-ref": "urn:uuid:3b8e41d9-79a4-551e-ad02-80b219ae8853", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.39-tuxcare.14 of org.springframework:spring-messaging. already_fixed \u2014 The target Spring Framework 5.3.39-tuxcare.12 already contains both vendor fixes for CVE-2026-41840. The fixes were backported via commit 4ef4cdca34 (May 13, 2026) under CVE-2026-22740, but the code changes are identical to the upstream patches. Both doOnDiscard handlers are present and active in PartGenerator.java and MultipartHttpMessageReader.java, preventing memory exhaustion from unrelease..." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.39-tuxcare.14" } ] }, { "bom-ref": "urn:uuid:7aa8560c-1bec-57db-a3d5-b47c24ed0820", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.39-tuxcare.14 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.39-tuxcare.14" } ] }, { "bom-ref": "urn:uuid:5e290d75-7f86-50a7-b266-c23eb37baca0", "id": "CVE-2026-41842", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41842 is fixed in version 5.3.39-tuxcare.14 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.39-tuxcare.14" } ] }, { "bom-ref": "urn:uuid:aab1748e-533d-5073-a6c9-245a45a72340", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.39-tuxcare.14 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.39-tuxcare.14" } ] }, { "bom-ref": "urn:uuid:918a04d2-6002-5e5d-9b17-ba51faface04", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.39-tuxcare.14 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.39-tuxcare.14" } ] }, { "bom-ref": "urn:uuid:52ab9c8a-00a8-55e5-bc5e-010ce28b8563", "id": "CVE-2026-41845", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41845 is fixed in version 5.3.39-tuxcare.14 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.39-tuxcare.14" } ] }, { "bom-ref": "urn:uuid:344dbdb7-8970-5281-ab1f-81bed3df3eb4", "id": "CVE-2026-41846", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41846 is fixed in version 5.3.39-tuxcare.14 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.39-tuxcare.14" } ] }, { "bom-ref": "urn:uuid:7621ec90-603e-54b8-9295-427524e60c5a", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.39-tuxcare.14 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.39-tuxcare.14" } ] }, { "bom-ref": "urn:uuid:ed688225-5975-5267-ad49-db4ae7fccbc5", "id": "CVE-2026-41848", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41848 is fixed in version 5.3.39-tuxcare.14 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.39-tuxcare.14" } ] }, { "bom-ref": "urn:uuid:6c5a84f2-b75f-567f-9baa-a30766b67669", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.39-tuxcare.14 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.39-tuxcare.14" } ] }, { "bom-ref": "urn:uuid:eb2d698c-0131-5ed7-a3e2-58fff31006be", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.39-tuxcare.14 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.39-tuxcare.14" } ] }, { "bom-ref": "urn:uuid:7fddc1d3-c130-57be-bfa1-89d57701bfcc", "id": "CVE-2026-41851", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41851 is fixed in version 5.3.39-tuxcare.14 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.39-tuxcare.14" } ] }, { "bom-ref": "urn:uuid:3d0c0b66-e8ef-592f-b918-eadfab1dceb2", "id": "CVE-2026-41852", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41852 is fixed in version 5.3.39-tuxcare.14 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.39-tuxcare.14" } ] }, { "bom-ref": "urn:uuid:ad44a487-9b46-54d7-9d77-00aed8824de9", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.39-tuxcare.14 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.39-tuxcare.14" } ] }, { "bom-ref": "urn:uuid:bb1d854a-81c0-5dc3-b6d3-42add8f876c2", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.39-tuxcare.14 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.39-tuxcare.14" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-messaging@5.3.39-tuxcare.14" } ] }