{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:cce40714-9359-565c-8111-d846ebcd11ab", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-websocket@5.3.31-tuxcare.5", "type": "library", "group": "org.springframework", "name": "spring-websocket", "version": "5.3.31-tuxcare.5", "purl": "pkg:maven/org.springframework/spring-websocket@5.3.31-tuxcare.5" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:a28f7bd9-295d-59b3-bc17-37a4d25de778", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.31-tuxcare.5 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:93817241-29fd-50c8-a6ae-a18fe0db50d2", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:edacb193-2f2a-5f85-a7f6-f49c3579b3de", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:25608db7-a78a-5362-8ddc-c732ede352a4", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:363de32c-ed99-559b-9bc5-8abadf364d28", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:94df306a-a795-54f6-9e50-138b74e1b69a", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:6d7b56b1-eb2b-5a68-afed-c15d03a1fae5", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:bab3f5da-aadc-5c2c-9cb2-add4a214ff50", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:10483f7b-db72-5cf1-8c95-3489d1eafc47", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:a08c0bba-fe16-5517-8346-9c3d3fd6a2dd", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:2f5573b9-db02-52a1-af4e-156742557965", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:dac98b1d-7e57-5405-88e0-c64ab81d2c60", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-websocket 5.3.31-tuxcare.5." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:f8b4c5bc-55be-5865-91cc-d0822d794e2c", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:bbf93f38-fc74-53fd-abd5-d10e5295ccf1", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:d0af09f6-7b73-58ff-945a-f16df9ec79cb", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:08ddf2ec-60b9-5220-9619-7260e9ec9eca", "id": "CVE-2026-22735", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22735 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:bc3552f1-ea7e-57b4-84b7-5463620f432a", "id": "CVE-2026-22737", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22737 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:cb1820be-0db4-553e-ba24-5ac7492a23df", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:f137ede4-c1e9-571b-a03c-0e09a8437371", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.31-tuxcare.5 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:a993005a-9c25-5ebb-8686-aa336e497507", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:3da716a1-7400-5035-b838-5c5b417c7355", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.31-tuxcare.5 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:6c5581e3-f2b1-5330-abc3-15480c38d57e", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.31-tuxcare.5 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:cdaf9500-985a-59ed-bbf7-766a1cc332f7", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.31-tuxcare.5 of org.springframework:spring-websocket. already_fixed \u2014 The target repository (Spring Framework 5.3.31-tuxcare.3) already contains the complete fix for CVE-2026-41840. Both required doOnDiscard handlers were applied via commit 615477c88f (labeled as CVE-2026-22740 backport) merged on May 4, 2026. The code changes are byte-for-byte identical to the upstream patches." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:3230bd7b-db0d-50e2-8246-4f15848aa67d", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.31-tuxcare.5 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:e575d2a5-2a3f-5a7e-bd7e-df7e7712d5b9", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.31-tuxcare.5 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:3963a757-fcc0-5e67-a5ce-4b191ea1b6a9", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.31-tuxcare.5 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:29402e9f-4fb4-58b1-8742-677d930fd34a", "id": "CVE-2026-41844", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41844 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:1e4307dd-f6ec-5535-9945-1e3b507ff2b3", "id": "CVE-2026-41845", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41845 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:05d73522-cb33-575a-860b-8c69d8399cfd", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.31-tuxcare.5 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:1f92e007-44e2-52eb-bb92-161151062e7d", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.31-tuxcare.5 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:8db8b746-e1a9-570b-ac4c-98117f407fa9", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.31-tuxcare.5 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:6cecf111-68fb-5c37-b4f9-a76fb4ae24e5", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.31-tuxcare.5 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:360b66d1-fa29-5131-9fd9-ce6228d0d056", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.31-tuxcare.5 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:1fcdd9f3-51f8-53fa-8438-18a0db2640e8", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.31-tuxcare.5 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:535de450-d76a-5ad5-b10f-a9a49afb9b39", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.31-tuxcare.5 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:ad2dc291-515e-52b7-a0ba-bbe525fc5e4d", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.31-tuxcare.5 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:3f0636e3-3c5d-57e5-a589-db75b17634ee", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.31-tuxcare.5 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31-tuxcare.5" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31-tuxcare.5" } ] }