{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:322ecd29-bee6-5e3f-bdc2-94da04d233cb", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-websocket@5.1.20.RELEASE-tuxcare.1", "type": "library", "group": "org.springframework", "name": "spring-websocket", "version": "5.1.20.RELEASE-tuxcare.1", "purl": "pkg:maven/org.springframework/spring-websocket@5.1.20.RELEASE-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:9c54b904-e28b-5415-8e66-fa9becb35f99", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:df44db68-e1ac-5672-bb64-7a2aa1f57462", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0c30602f-457d-5a89-8870-84edb0a351f8", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ce15cca9-456b-53a5-a24b-0f13f35a119a", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a0b98053-bb7d-5bb3-91ab-a34e939899f6", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:edd8b5d3-b6c7-53ee-a091-c8f617daaaae", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8281fbbb-8b5f-509d-88d1-045777344da6", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e9c76f0c-4542-5bc3-b42d-682e081e1bcd", "id": "CVE-2022-22970", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22970 is fixed in version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:75d9a98e-b68f-5aa2-9f66-5369b5ad340f", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5b8fc5bf-2e1f-53a6-b21e-3f031da801ce", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a6cc7a3d-4d71-519b-8021-186e87ba2427", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:06ea46e7-40d5-523a-98eb-7a2b1b32cff1", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a919db71-2e9e-5e5e-919a-4fb21294c01c", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:95f8212d-9ffc-5e4b-a184-8d1355dab7e8", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8f08edf5-7ba0-5528-accb-c1f6c4daf4ca", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f164cd14-0817-5509-84d6-19c6850cfcca", "id": "CVE-2024-38809", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2024-38809 is a false positive for org.springframework:spring-websocket 5.1.20.RELEASE-tuxcare.1." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fd4de9d4-2c6c-531c-9ec0-deed566dcfcb", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ecd246ae-4a13-51d0-8297-4d5855143f00", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9c11dfee-817d-51f4-8fa3-25b470cb9bb9", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d79dfcdc-2ebc-56e4-8531-7b0c061545d1", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b5c4701d-c9a6-59ab-a525-47af8ef9b533", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e1b599bc-8bb5-56f7-9b9e-5ecf01456aa2", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1a928b51-ae22-5971-a73b-28470c2e831f", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9841115c-7287-5820-af2e-ce2a640205c3", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.1.20.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f10aa8ba-2ed5-56ec-b2cc-2198e8f719a5", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.1.20.RELEASE-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.1.20.RELEASE-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.1.20.RELEASE-tuxcare.1" } ] }