{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:46e23151-59eb-5df8-8a14-45197a0acd69", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-websocket@5.3.31-tuxcare.4", "type": "library", "group": "org.springframework", "name": "spring-websocket", "version": "5.3.31-tuxcare.4", "purl": "pkg:maven/org.springframework/spring-websocket@5.3.31-tuxcare.4" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:f9e1a1c0-ed71-5f0f-97de-f7ec37760ce9", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.31-tuxcare.4 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:0a406307-93bf-5c25-8e59-e84280c9104a", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:26028752-67e6-5cff-9037-f8ddd3728ae0", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:f476e973-86f0-5641-9b10-80318ac4cab3", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:847bca28-f3a2-561d-81af-ef0ccb5ca26b", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:9216a9b5-fe41-5c28-ba21-2f505615e506", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:16f7b0a7-bab5-530a-a2d4-7780f25051e9", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:74d351ff-7e99-5910-ade2-f5bf96f0a65b", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:0fb884da-f524-5b52-9129-7b4f8d7cbc84", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:90e149e0-a547-54a3-baf7-940dbccacabf", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:923472ce-69cf-5ed5-a563-cad76733f13e", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:2029a424-7b89-54c4-84d8-627a79013d96", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-websocket 5.3.31-tuxcare.4." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:fde2d8fd-fac4-5bfe-ab4a-4ebb6f8ec841", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:cf7a07bc-ef20-5c10-9a70-fac071574f3f", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:46121ab2-ad3e-52cc-a6ae-516fd7b131ff", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:07076605-03f2-55e5-bbac-6178157f5f7d", "id": "CVE-2026-22735", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22735 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a20cd87d-3f50-5c83-87b6-2d73c87a1076", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.31-tuxcare.4 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:699d7f97-710d-5dce-80c5-525781d77996", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:4668cf2c-6240-563a-bc56-b1c0d06cbd28", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.31-tuxcare.4 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:088c5e71-4ebc-513a-a160-6478d053494c", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a8d184db-f37e-5a05-89dc-938544af3135", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.31-tuxcare.4 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:8c39a30b-e043-5e6d-bb89-9d5c91e1930b", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.31-tuxcare.4 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:cf145dad-9afb-5d80-8fe4-531e52fe6567", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.31-tuxcare.4 of org.springframework:spring-websocket. already_fixed \u2014 The target repository (Spring Framework 5.3.31-tuxcare.3) already contains the complete fix for CVE-2026-41840. Both required doOnDiscard handlers were applied via commit 615477c88f (labeled as CVE-2026-22740 backport) merged on May 4, 2026. The code changes are byte-for-byte identical to the upstream patches." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:cdc909fa-228a-5057-a8ee-290ed792430d", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.31-tuxcare.4 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:29afd604-1132-5541-bcae-d02affbed7fb", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.31-tuxcare.4 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:74e9e578-4ef2-5353-b503-3a7deb73886d", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.31-tuxcare.4 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:75512ba1-d084-5dea-904f-07d73ea9a672", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.31-tuxcare.4 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:063c84af-8de4-5da1-aeb6-7cb97a655d5b", "id": "CVE-2026-41845", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41845 is fixed in version 5.3.31-tuxcare.4 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c170507b-78df-5096-8d4c-474ab7c8aa4a", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.31-tuxcare.4 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e6ab5f92-d47f-58c7-a96c-ff10d4b0c59c", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.31-tuxcare.4 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b062bdab-8f9c-5cc6-a20c-cd0aa085c2cd", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.31-tuxcare.4 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:cb4cb36b-b623-5d61-add2-974457525f04", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.31-tuxcare.4 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:03852714-d1f5-5bae-9738-b4f872e9ae98", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.31-tuxcare.4 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d2abea57-ea08-538b-b881-eabe222a7747", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.31-tuxcare.4 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:f923b11b-94e5-5039-8af8-e6deff4175eb", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.31-tuxcare.4 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:2b76003d-7470-5685-8d87-ce594fb953f3", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.31-tuxcare.4 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c31b3e72-2811-5a5a-ad85-b0685cd357e5", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.31-tuxcare.4 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31-tuxcare.4" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31-tuxcare.4" } ] }