{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3d8c3e9f-4337-513b-b32c-0acc8937ed20", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-websocket@5.3.37-tuxcare.5", "type": "library", "group": "org.springframework", "name": "spring-websocket", "version": "5.3.37-tuxcare.5", "purl": "pkg:maven/org.springframework/spring-websocket@5.3.37-tuxcare.5" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:5370c088-340e-543c-9349-1ca94f4ca901", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.37-tuxcare.5 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:9d904917-7fb9-5c90-9ed8-225176501061", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.37-tuxcare.5 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:74f46e60-9451-56cf-970b-b6dd09731e7a", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.37-tuxcare.5 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:560eff9c-f790-51e1-bc02-546c517637b8", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.37-tuxcare.5 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:6d6d5b50-2592-5601-aed8-b591cfa5ea36", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.3.37-tuxcare.5 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:345381c1-46a2-5b74-8231-72762da9d5a6", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.37-tuxcare.5 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:670b134f-3c32-5bdc-924c-785a3383be97", "id": "CVE-2024-38828", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38828 affects version 5.3.37-tuxcare.5 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:c9a36eb5-d126-562e-bf95-edfc6a12c308", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.37-tuxcare.5 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:ee4b7f33-ecb9-5a45-95b3-e84a2e54f291", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 5.3.37-tuxcare.5 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:117d009c-ba41-5923-a746-ce55435b3d0c", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.37-tuxcare.5 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:8ea18e0d-3478-5bc6-895c-fac428a9ecc7", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 5.3.37-tuxcare.5 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:21490e5a-a09b-5690-87d8-d2cd1c7d6388", "id": "CVE-2026-22735", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22735 is fixed in version 5.3.37-tuxcare.5 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:28872eeb-ea31-554e-8939-60539667ce2c", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.37-tuxcare.5 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:7d919e42-2421-5ded-a850-8c02e9fcb834", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.37-tuxcare.5 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:9199d011-30f1-55ba-a636-5858f41bd514", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.37-tuxcare.5 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:df9eb4b3-dabb-5b79-a6b9-aefff237ab1b", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.37-tuxcare.5 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:6271aec6-45a1-565d-9280-260439657fa0", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.37-tuxcare.5 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:215144a2-bda0-5096-9c68-56e80cf998e5", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.37-tuxcare.5 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:a4905176-0525-50f2-8669-99bcd6645045", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.37-tuxcare.5 of org.springframework:spring-websocket. already_fixed \u2014 The target repository (Spring Framework 5.3.37-tuxcare.6) already contains both fixes for CVE-2026-41840. The fixes were backported on June 8, 2026 via commit 648b33d0a3 as part of CVE-2026-22740 remediation, which addresses the same multipart memory leak vulnerability." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:40c276f8-aae2-5f3f-b918-ff12bbb00e1f", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.37-tuxcare.5 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:b22ac78d-b318-544c-a095-f84bc76d0298", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.37-tuxcare.5 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:1960c8e2-46e4-5e5a-91c6-bffd42d109b4", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.37-tuxcare.5 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:8b75749e-7f24-51a3-9a94-cb5ae2e83940", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.37-tuxcare.5 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:ce5e11fd-384a-570e-824e-0b70cdc35883", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.37-tuxcare.5 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:f551c897-45c5-50ed-8bbc-ba44d707f52c", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.37-tuxcare.5 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:0e54d597-6864-5767-984c-83a65619b0ad", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.37-tuxcare.5 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:5abf75b3-c882-5141-ab0c-cc6a6866653a", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.37-tuxcare.5 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:47f20f6d-e813-54da-b619-8bdfc1f09df0", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.37-tuxcare.5 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:16023263-648b-549d-936a-469c41d9a9bf", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.37-tuxcare.5 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:b3706c5a-1bf1-5343-8013-d746e51ce27e", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.37-tuxcare.5 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:d1430c96-3b9a-5d58-9e2e-c0d1eede81c6", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.37-tuxcare.5 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:98f1f066-9edf-51ff-a768-0d27ae465a7f", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.37-tuxcare.5 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.37-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:fa8a3950-72d8-5e03-8504-00f09d32016b", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.37-tuxcare.5 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.37-tuxcare.5" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.37-tuxcare.5" } ] }