{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:27c1f198-8867-53dd-be33-ef540c95d985", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-messaging@6.1.21-tuxcare.7", "type": "library", "group": "org.springframework", "name": "spring-messaging", "version": "6.1.21-tuxcare.7", "purl": "pkg:maven/org.springframework/spring-messaging@6.1.21-tuxcare.7" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:4e86b71f-a9fa-5d67-9d38-6d2672f776c2", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 6.1.21-tuxcare.7 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:50e8e01d-0bd5-50a8-902e-3438c3b63a61", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 6.1.21-tuxcare.7 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:20c16927-2178-53af-b68e-9677618f2740", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 6.1.21-tuxcare.7 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:f311d133-0092-5249-95b8-9b31a5bb21e2", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 6.1.21-tuxcare.7 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:42b390e5-af47-5d51-8873-62e5abc846ae", "id": "CVE-2026-22735", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22735 is fixed in version 6.1.21-tuxcare.7 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:99e78866-eed7-5005-9b20-3f338631bd38", "id": "CVE-2026-22737", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22737 is fixed in version 6.1.21-tuxcare.7 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:9eb09cd0-1b16-5a45-bec0-36a68b4781a5", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 6.1.21-tuxcare.7 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:0aabfe0c-78a7-5d1b-abff-c9547a773a6b", "id": "CVE-2026-22741", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22741 is fixed in version 6.1.21-tuxcare.7 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:7ee28321-be5f-5da4-aa2c-2ab44994fd20", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 6.1.21-tuxcare.7 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:ed3835b7-11b0-5f79-9864-01da0f9cbaf7", "id": "CVE-2026-41838", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41838 is fixed in version 6.1.21-tuxcare.7 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:1e32b9d4-3589-53a8-afcd-02dc449027b9", "id": "CVE-2026-41839", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41839 is fixed in version 6.1.21-tuxcare.7 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:f94dbb3e-9666-5feb-a8ef-944e161065d0", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 6.1.21-tuxcare.7 of org.springframework:spring-messaging. already_fixed \u2014 The target repository (Spring Framework 6.1.21-tuxcare.6) already contains both upstream patches that address CVE-2026-41840. The fixes were previously applied as part of TuxCare backports for CVE-2026-22740 (commit d8aa04a97f, 2026-06-08) and memory leak fixes (commit e7c90921fd, 2026-04-29). Both doOnDiscard handlers are present in the current code, preventing resource exhaustion from multipa..." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:fe485e6d-c2f4-53a3-86e8-e1fbf45ef703", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 6.1.21-tuxcare.7 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:3c29903f-93d9-58a3-8c81-fa8f0a443a65", "id": "CVE-2026-41842", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41842 is fixed in version 6.1.21-tuxcare.7 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:692ce703-f9eb-5f62-b494-4241c57de9f3", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 6.1.21-tuxcare.7 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:8bdaf456-fe3d-51ba-90b3-5ae115a4802f", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 6.1.21-tuxcare.7 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:8ea66c13-a569-536b-85f5-649115226f8b", "id": "CVE-2026-41845", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41845 is fixed in version 6.1.21-tuxcare.7 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:b4a68016-8050-5d40-9081-0204a9894d90", "id": "CVE-2026-41846", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41846 is fixed in version 6.1.21-tuxcare.7 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:f69dd589-fb1a-58e0-9f13-76a2d985aac8", "id": "CVE-2026-41848", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41848 is fixed in version 6.1.21-tuxcare.7 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:2bacfced-cf58-5384-8ab5-d6ccac96ff85", "id": "CVE-2026-41850", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41850 is fixed in version 6.1.21-tuxcare.7 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:aa6c607e-9443-5f4a-92b2-0727eba76930", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 6.1.21-tuxcare.7 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:d07a0b0c-3ddd-5698-80b9-4b7458823dca", "id": "CVE-2026-41852", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41852 is fixed in version 6.1.21-tuxcare.7 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:a2c76bf9-b5c5-5550-839f-8d8736382d98", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 6.1.21-tuxcare.7 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:18dacbba-bfc0-5000-8232-c14204cd8c2d", "id": "CVE-2026-41855", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41855 is fixed in version 6.1.21-tuxcare.7 of org.springframework:spring-messaging." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-messaging@6.1.21-tuxcare.7" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-messaging@6.1.21-tuxcare.7" } ] }