{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:90e1cd07-46aa-5092-b939-411105c07362", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-websocket@5.1.5.RELEASE-tuxcare.2", "type": "library", "group": "org.springframework", "name": "spring-websocket", "version": "5.1.5.RELEASE-tuxcare.2", "purl": "pkg:maven/org.springframework/spring-websocket@5.1.5.RELEASE-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:3e741ee3-0385-5f8e-bfad-fcf2d314eea6", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:abd67b57-4e73-5d30-ab3d-254dfc922025", "id": "CVE-2020-5398", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2020-5398 is fixed in version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1588563f-dd36-5066-93ef-e311aea5f825", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fd1b3d71-9f93-5a72-bdac-25ba5681280c", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a9bf02e5-3a4f-5a97-823a-17ad65a00e03", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:98ac9acf-9c01-58ce-95aa-c5bacafc6b9e", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b26a76fd-04dc-524f-9e91-c881b38c52ed", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:bdd2807b-8cc7-5d70-a30d-6423f2b124c1", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6ba70ae3-4d45-5a1b-a431-18834f98c291", "id": "CVE-2022-22970", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22970 is fixed in version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f6a41af9-854b-5f9c-826f-5e1e8f66731d", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e4ffd09d-9f8e-50de-8d70-37924df7095d", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:54afd6df-774c-5d1f-986b-4508fa2dbf98", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b4af0a95-6e8b-54e8-bfec-bdc3942c6fc3", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:71aa1176-0690-5797-8b5c-6615625432f8", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:70642c6c-5e30-547a-bd37-a9b5a80584c7", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:edfa847f-01d1-5199-a543-1450724fb070", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ada32f0c-97c2-5fb0-a385-35da7f094e6c", "id": "CVE-2024-38809", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2024-38809 is a false positive for org.springframework:spring-websocket 5.1.5.RELEASE-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7e199754-b4a1-5927-b9e9-4bc7cf5d9a9f", "id": "CVE-2024-38816", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38816 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:73a5601b-0ec2-5840-986f-cfffca5b4a13", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0d4d4bef-3042-54d2-8df5-fc4bf93d893e", "id": "CVE-2024-38820", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38820 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:70827ce9-e60d-5d8a-8b1f-4a44d4cb7c72", "id": "CVE-2024-38828", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38828 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0cf77a63-6727-56be-b8c5-978a7e8c782b", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:14e39fcf-7c9d-59e4-be2c-ecdd1458ce9a", "id": "CVE-2025-41234", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41234 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9db1e5fb-98f9-587c-99f6-46bac465e7dd", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:62d5b746-1c1b-5b53-9d1b-a943002e7ec3", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3563b6d9-05a0-5098-ba55-d62f06ef3726", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6831d278-3caa-599c-8320-5b964c193512", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8ce48f06-9e20-5a93-b821-12870f98d82c", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.1.5.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6f31073e-06a1-533f-910f-810bd931bdb3", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.1.5.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.1.5.RELEASE-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.1.5.RELEASE-tuxcare.2" } ] }