{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:6c07b99a-84ed-5ddd-bf05-d731f56a08d8", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-websocket@5.3.24-tuxcare.3", "type": "library", "group": "org.springframework", "name": "spring-websocket", "version": "5.3.24-tuxcare.3", "purl": "pkg:maven/org.springframework/spring-websocket@5.3.24-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:21b0bf93-a880-537c-88ca-1f168295ebe9", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.24-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2f9720d4-72f3-5c7b-8f3d-797406a41563", "id": "CVE-2023-20860", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20860 is fixed in version 5.3.24-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ba737796-1a1c-5487-8070-0854b5d7b058", "id": "CVE-2023-20861", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20861 is fixed in version 5.3.24-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d2cb9e3c-27c3-5b48-a0b8-b74aa1b76e24", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 5.3.24-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:82c3591f-e8ee-5f18-85db-9bc469dc91a2", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.24-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3e744840-ff40-5386-9c22-55cf8592410a", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.24-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:508316b2-0ae3-5dae-a66a-ed672ea3ba82", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.24-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:086e19e6-6aaa-579d-af2c-d40538f5c5d0", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.24-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e8545c78-2abf-5a9d-bff1-3b5440d452fa", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.24-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:79e47920-950b-53aa-850b-60b6da985d92", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.24-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d0c26567-908f-511f-bc66-52bf1cd83460", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.24-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:7fc48e62-a5c4-56ae-b93d-c3c3371f15e3", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.24-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:30e2c567-51f7-5993-957f-e43f5e1c84ea", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.24-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1ed0b924-f9dc-5087-9849-4a901d5c80eb", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.24-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2546db9d-5c15-5766-a5b3-03fae1c55f6b", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.24-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:fe2377e8-e573-58fb-b85e-45791ee24ade", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.24-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:dc2333e5-769e-5b20-bd43-16f9df9760cb", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.24-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:92eb6bd0-1440-54b4-bfb4-34c71b6fb27e", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.24-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:703632ed-758d-5e83-a1eb-4a37f191a013", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.24-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d716c165-784c-5c96-8d3c-15c0ab37c1a9", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.3.24-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:93e9987d-97e0-5eac-a018-635cb085d85b", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.24-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3782d69f-1972-5090-859a-67332b3a44cd", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.24-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8bbfee64-5470-5b0c-8b86-f0c7f3c09a5c", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.24-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:78eae608-5539-545a-a2eb-66a097560d0e", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.24-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f6a5144e-bfbe-55f8-b679-75c82e2f44ae", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.24-tuxcare.3 of org.springframework:spring-websocket. Patches already applied: 7052da453285658215efc1dd5ecb0d472fde2de1 (already in target via 2c11852775 'Backport CVE-2026-22740 to 5.3.24')" }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5eec7965-812e-56f4-a1cd-676e877a4edd", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.24-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:bb3fcefb-12d8-5d68-a1d6-f8483461589c", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.24-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:398434b8-89c3-59f7-a088-c8e4257d3b6f", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.24-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5908174a-8d8a-5804-8b2e-23723625346f", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.24-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:94760f3b-8e2b-5858-9178-75d9f7f0dc6f", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.24-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:89bfc594-1331-521d-a146-0b5d0549c3d2", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.24-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e9498774-b365-588a-97ed-4086e10f5b74", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.24-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:87ce09e7-4fbc-5e9c-a27d-6c1fb6e16452", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.24-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:81f13bd1-4257-5c28-86ef-7de71e3f65cf", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.24-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b2f01997-3d3d-5101-bd08-28412f5cf5df", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.24-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9686c250-9fe5-5e81-b33c-7aefed006e1f", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.24-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:67fb4fdd-2e4b-558f-a4b4-ed126aae8b67", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.24-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:28ce3569-72ca-5f70-a395-463c3725794d", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.24-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.24-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9c5726ec-5c6d-5788-b924-1a210bc11ed0", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.24-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.24-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.24-tuxcare.3" } ] }