{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:51329a0d-053a-5b29-a527-df6728803eb1", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-websocket@5.1.20.RELEASE-tuxcare.2", "type": "library", "group": "org.springframework", "name": "spring-websocket", "version": "5.1.20.RELEASE-tuxcare.2", "purl": "pkg:maven/org.springframework/spring-websocket@5.1.20.RELEASE-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:dd8cc6f7-47f6-5f0e-b3b8-005c804552d6", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7c6d71a8-458b-5004-90ca-875e15fa513e", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a6abd7bd-bc89-5e4d-9a10-4643eeb49472", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:16074579-1aa1-58bc-a469-9b878d37b525", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e7828275-48b8-5b1a-89f3-d615d42a469b", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:517a545a-e6f3-54de-8dc9-6d521b3e55cb", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9d2266c1-de58-509f-9260-551d76491801", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d735c1e8-513d-5012-b1d7-8588d45fe675", "id": "CVE-2022-22970", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22970 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:203b852b-09ed-51c0-bd8d-d8dd0a7ce3da", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:73250c9f-a5f8-5fd1-8d5a-ba89e8a4d04c", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:86c097cd-e786-5b4a-8ba5-cd230d984d57", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:af4b2fd5-e562-5d99-a947-75863f59fe0a", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:cc7c6c3d-216e-5cca-804e-f17a4a96fe7d", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:33ef79c1-d511-5c22-a664-ec885fb0fb85", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ce8e8841-7e79-592f-8f53-46955c7a1bfb", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:24da60b2-3d25-5eb9-842e-5d6165ea5ec2", "id": "CVE-2024-38809", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2024-38809 is a false positive for org.springframework:spring-websocket 5.1.20.RELEASE-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c2d1451b-82b5-5866-917c-aa9658d04471", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:43b43e8b-1d85-5b8a-90c2-0e355ee8de3d", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:95c6542e-df64-58ac-8810-39b7339be659", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1b2db25a-415b-59a3-8ff4-3d002fe21804", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fdb9fe96-961d-5495-9393-56cf1d2a330f", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7b7372ef-d50f-5363-94c2-0f7823007f89", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:85c6d7cc-4d61-50c3-88c5-78d8f7987299", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7f3e391f-7bba-5b23-9e8b-fcdbebb035d3", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8fdbc522-0f3b-5820-bfd7-282e41fc23c7", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6a2952d5-5973-5485-8af1-5de0b366d834", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3c8f653f-1ba2-50ff-8109-06e15fc9c4c6", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9e5cadea-8718-5ed9-8fde-9e62cfca06a3", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-websocket. not_affected \u2014 Spring Framework version 5.1.20.RELEASE-tuxcare.2 is NOT affected by CVE-2026-41840. The target predates the vulnerable architecture (PartGenerator/MultipartParser) introduced in Spring 5.3.0 and uses a fundamentally different multipart parsing implementation (Synchronoss NIO Multipart library)." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5cdd3401-97f1-5f2d-bea9-3c2f131972cd", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:85402ac9-1bc3-58e7-a24e-a4c3629a7c5d", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9df7259f-9dc1-5553-9986-5a32287d18c6", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5b12392e-83e1-5f92-be98-1b4e0a679de7", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5385ae48-e723-5788-8dc2-9c90fb519aa9", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b75086a5-8e41-55d7-b9dc-bef4c35eede4", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:20805195-7feb-5044-91f9-3adaafeed020", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:79d4f04b-90bb-581a-8c07-4352bf5b845b", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:84682972-5827-5c97-85f7-960ae1234def", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:17d73685-df0a-52f5-b283-c20d2f0e70b8", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:dabcb1a0-1ddf-5aca-a397-f6b4e1fbc7fb", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b401ddff-9354-53c9-9eeb-88584761eedb", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9b1e2efc-76c2-5e13-8037-5fb0d356fc59", "id": "CVE-2026-41853", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41853 does not affect version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-websocket. not_affected \u2014 Spring Framework version 5.1.20 is not affected by CVE-2026-41853. The vulnerability affects versions 5.3.0 and later, where a new native multipart parser (DefaultPartHttpMessageReader) was introduced. Version 5.1.20 uses different multipart parsing implementations that do not contain the vulnerable code." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:23797b93-ff40-5b5b-ac7c-620e608041dc", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.1.20.RELEASE-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.1.20.RELEASE-tuxcare.2" } ] }