{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:bc63a892-80a8-5e30-887d-c27ee9728eae", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-messaging@6.1.20-tuxcare.6", "type": "library", "group": "org.springframework", "name": "spring-messaging", "version": "6.1.20-tuxcare.6", "purl": "pkg:maven/org.springframework/spring-messaging@6.1.20-tuxcare.6" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:8396e278-ef34-5592-b51d-9b977ea90eb3", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 6.1.20-tuxcare.6 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:ffeb89f9-9ae4-516f-8b3a-796befde963b", "id": "CVE-2025-41234", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41234 is fixed in version 6.1.20-tuxcare.6 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:83c9017c-08a2-510d-a783-48443304ffbb", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 6.1.20-tuxcare.6 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:9986eae6-5056-556b-bd07-08c1d83648ff", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 6.1.20-tuxcare.6 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:9ee509b0-a173-51b2-aba4-f3e4f393d603", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 6.1.20-tuxcare.6 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:50c88dc6-4ad5-5775-8c87-56d63e3cbb27", "id": "CVE-2026-22735", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22735 is fixed in version 6.1.20-tuxcare.6 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:f07cc849-aab1-52e5-9c9c-226453f94f06", "id": "CVE-2026-22737", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22737 is fixed in version 6.1.20-tuxcare.6 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:38304510-720b-5512-be34-eca30736d0ed", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 6.1.20-tuxcare.6 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:48c07969-55a4-51f3-ab3d-42427b0706b5", "id": "CVE-2026-22741", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22741 is fixed in version 6.1.20-tuxcare.6 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:60e1ba37-5982-5940-af7e-fca3a57a291e", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 6.1.20-tuxcare.6 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:504958b8-2975-51a9-af0c-8a79a3d0ece0", "id": "CVE-2026-41838", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41838 is fixed in version 6.1.20-tuxcare.6 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:c208de48-c319-5d1c-8d49-6dbc728bbbd5", "id": "CVE-2026-41839", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41839 is fixed in version 6.1.20-tuxcare.6 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:314e601a-3f28-56e8-b526-74023ee6e071", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 6.1.20-tuxcare.6 of org.springframework:spring-messaging. already_fixed \u2014 Spring Framework 6.1.20-tuxcare.4 already contains both doOnDiscard handlers that prevent the multipart memory leak vulnerability. The fixes were applied via TuxCare backport commit a6b78f2a1c on May 19, 2026 under CVE-2026-22740, which appears to be the same or closely related vulnerability as CVE-2026-41840." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:6da7384c-7b7d-5ce4-b146-de1b1c083d7c", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 6.1.20-tuxcare.6 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:f5716dd1-eb17-568d-baea-ae3f64d74979", "id": "CVE-2026-41842", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41842 is fixed in version 6.1.20-tuxcare.6 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:10328739-c3b3-50ea-88af-ec888c082df0", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 6.1.20-tuxcare.6 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:e3c6ae9a-7f78-5e0f-b188-a707296041e7", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 6.1.20-tuxcare.6 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:892b22cc-3d28-5d8b-942d-df4cd6cda9fd", "id": "CVE-2026-41845", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41845 is fixed in version 6.1.20-tuxcare.6 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:4a0e1249-e14e-58ce-9b7b-add7018ccc41", "id": "CVE-2026-41846", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41846 is fixed in version 6.1.20-tuxcare.6 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:0ccbf87b-4c32-56e4-a52d-0a2c70c8c3fc", "id": "CVE-2026-41848", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41848 is fixed in version 6.1.20-tuxcare.6 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:e778bd03-3f67-5816-9025-75c007e6b495", "id": "CVE-2026-41850", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41850 is fixed in version 6.1.20-tuxcare.6 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:81f65560-8cb7-5442-a143-5b3a095dc3b2", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 6.1.20-tuxcare.6 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:50d61370-81ed-50de-8f89-c60dca78bb34", "id": "CVE-2026-41852", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41852 is fixed in version 6.1.20-tuxcare.6 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:4c585e68-3d90-5224-9e82-c5bfad2a5484", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 6.1.20-tuxcare.6 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@6.1.20-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:a6422e14-ac4b-5b3d-8469-1f9d9e236615", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 6.1.20-tuxcare.6 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@6.1.20-tuxcare.6" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-messaging@6.1.20-tuxcare.6" } ] }