{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:55f89a70-fabe-5eb6-aa51-23bcfd089ceb", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-websocket@5.3.30-tuxcare.3", "type": "library", "group": "org.springframework", "name": "spring-websocket", "version": "5.3.30-tuxcare.3", "purl": "pkg:maven/org.springframework/spring-websocket@5.3.30-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:47dff712-5333-5648-95de-8ad72d0f117e", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.30-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f119e314-7219-57c9-b756-59826337c242", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4197d8cf-0a3e-56e5-bc41-82df1315018b", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:aecf9ac0-f65c-5017-8a1b-c87a6f783f67", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:57caeb00-345c-5680-8b0d-bb9a485c3962", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:dd2b8279-8471-52f3-84af-f3873993ad28", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5dee6da0-8a9c-5cca-84ba-b4e2d13ccc28", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6834226c-0334-5c41-b4df-1010932cb7b0", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6b6993f2-ba72-5fe6-bf46-4b70022d50af", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:76324df8-7d61-57c2-8665-af7c62e10dbf", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:516eb5b9-cb26-5b9c-880a-70f1a25c0e31", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a61952d2-1145-5355-ac68-813e4bf58163", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ab844d15-4c2f-5fd6-ae0e-6f7667d8988d", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8f5e6e81-b758-5b82-a37d-6e3f71aeb68e", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:44fad2ab-8b59-5871-a592-9ec793650fe7", "id": "CVE-2026-22735", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22735 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:7df5bcc0-fd7b-5a76-8cf1-1843f59f7dfb", "id": "CVE-2026-22737", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22737 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8e9155ab-383b-5c86-ba49-1b5b87f14f5a", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:46626475-200f-5ebc-87c8-c88b53128760", "id": "CVE-2026-22741", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22741 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9b927759-7c2b-5fe1-a01b-af4ba5b9da0e", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9c47d6af-f6bd-5926-bbe8-d918ca3dac65", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.30-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9e563140-47e4-5017-92ae-43e74cb0813a", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.30-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:942d0a55-6bcf-58b4-a335-08e3c7efcf76", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.30-tuxcare.3 of org.springframework:spring-websocket. already_fixed \u2014 The target repository Spring Framework 5.3.30-tuxcare.3 already contains both fixes for CVE-2026-41840. The identical patches were previously backported by TuxCare as part of CVE-2026-22740 (commits 1a619adbfb and ee9443b0bc, merged May 2026). Both doOnDiscard handlers are present in the current code: PartGenerator.java releases data buffers on discard, and MultipartHttpMessageReader.java delet..." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1d71831f-eed6-56e0-bb26-3ec4a46db743", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.30-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:335265dc-43d2-53ae-a1fa-7a6b0aa1e218", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.30-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:34c1b1d5-8259-5973-a687-1df5e883eca0", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.30-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:26cd0f6c-193e-5854-b83f-dac4f21d4210", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.30-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:aabf1602-eaf7-5893-b734-fb0064fcd93e", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.30-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:aa0951d2-623e-525b-b902-ec71873de9e3", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.30-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b811e58a-1257-5b42-a044-604dd59f5ee7", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.30-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:871ce4aa-89f3-5483-a1ae-1495bf441462", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.30-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:83609a4c-904b-5d98-8171-2af23570a94b", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.30-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e635f551-4f41-5ab6-97ad-d28abb10a880", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.30-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6ffa2978-6d77-5466-bf3a-118098e1894a", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.30-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ec322aac-8d8e-5a1a-9f95-479bdc22da3f", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.30-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ad3e3e47-271c-5f24-a095-a11cf61a810b", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.30-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:55396e26-b745-5ab5-bf5e-ed22b3ce78d3", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.30-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.30-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.30-tuxcare.3" } ] }