{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:eec9e2d2-c600-5b4f-93d8-453bd9ee809b", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-websocket@4.0.0.RELEASE-tuxcare.3", "type": "library", "group": "org.springframework", "name": "spring-websocket", "version": "4.0.0.RELEASE-tuxcare.3", "purl": "pkg:maven/org.springframework/spring-websocket@4.0.0.RELEASE-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:d989ff12-95d2-5d1e-8cf0-52d4ab834848", "id": "CVE-2014-0054", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-0054 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9ad2199b-02e2-5607-aa7a-026634b1e307", "id": "CVE-2014-0225", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-0225 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:43943701-cee0-5fae-b1ea-c02dabfd5af2", "id": "CVE-2014-1904", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-1904 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a0147943-0c3e-56f1-b2ac-a69b1e1d6e74", "id": "CVE-2014-3578", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-3578 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:21fdba5c-db5e-5c81-b3c8-76dd8b92edb9", "id": "CVE-2014-3625", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-3625 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:136e16ef-5bd7-5700-b755-446126f460c4", "id": "CVE-2015-3192", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2015-3192 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:0d0c700e-4313-5df4-aa55-c8a55575baac", "id": "CVE-2015-5211", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2015-5211 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:dcc6d6b8-e409-5347-a1fa-099ef8636c4d", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:49130d09-28ca-5f1e-b408-fc445e854198", "id": "CVE-2016-5007", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2016-5007 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1e2277fe-de0d-5ca9-8efa-8847c3967699", "id": "CVE-2016-9878", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2016-9878 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:7de58193-1508-55a5-ba0f-c957f5f7dfc7", "id": "CVE-2018-11039", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-11039 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:0fe93963-4493-5aac-bfe3-cbbef76beed0", "id": "CVE-2018-11040", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11040 affects version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c36da509-b349-593a-8832-4cc3df8291d1", "id": "CVE-2018-1257", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2018-1257 is a false positive for org.springframework:spring-websocket 4.0.0.RELEASE-tuxcare.3." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a76dd3a3-d070-56ee-b2d6-db118bcd40e6", "id": "CVE-2018-1270", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1270 affects version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3cebf08d-cd6c-5e32-9406-6f01e9fdadb0", "id": "CVE-2018-1271", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-1271 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5f5362c7-bfd6-5a09-b9ee-437c7a05b242", "id": "CVE-2018-1272", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-1272 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d898aa66-7fb0-561f-b47b-44c67f85966f", "id": "CVE-2018-1275", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1275 affects version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:19209104-5a69-535f-8a00-88fd6a626027", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a581ecf8-4969-5677-8364-58f1a59808cf", "id": "CVE-2021-22060", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22060 affects version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4060a199-c09c-5bc7-ac16-bcf0c114aa60", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:20e14b7b-f506-5319-8593-1f7dcc6a61cd", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:eb2da7d9-246a-55fc-b26b-d3c086581ef3", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:93f20da8-9d68-5278-afa6-00958f83ee8e", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:94e017bb-b87f-5411-85f2-2ec4dc129746", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a5d2edaa-87bf-5267-822c-7cada95f2f01", "id": "CVE-2022-22970", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22970 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:693f5d8f-0610-5cd3-bdd5-e94c63dc50cf", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:603c556c-f8cb-53bc-96a9-f06a228075f2", "id": "CVE-2023-20861", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20861 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:517a2350-5209-585d-a155-92e13dd65195", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:fa776a87-9920-51a6-b906-1bb9185d4ecc", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:562f62af-607d-523c-8394-5cf9a781664a", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:447b799b-7778-5882-a342-b57c5bbee7db", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5240e5c1-f58f-5f13-865b-e3319b53724b", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3cf71ca4-b4b5-5b9b-8f40-cfa5eff542e8", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d868b847-c6b4-5bc7-8c21-a15f64ac3e44", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:32dd6234-bedf-51f4-a3d9-846d2f14cf2a", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c3488761-76e1-5177-82c0-93168a258538", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:23ed16c8-7287-5c53-aa6f-ea1568f255e2", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:42af60c2-ff56-5b51-a57d-173b558882ea", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:383be252-5fcf-5d16-aff8-2b4f3577d0cb", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5a9c4193-86c2-5052-bbec-754b8780fbb3", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.0.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4c61235b-dbb9-5769-8c33-ba443ae36688", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 4.0.0.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.0.0.RELEASE-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.0.0.RELEASE-tuxcare.3" } ] }