{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:9c9615ae-8903-54ec-b0c8-6fa9e55b70af", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-websocket@5.3.37-tuxcare.7", "type": "library", "group": "org.springframework", "name": "spring-websocket", "version": "5.3.37-tuxcare.7", "purl": "pkg:maven/org.springframework/spring-websocket@5.3.37-tuxcare.7" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:0c134a7a-f2a2-58db-921f-4a7a0dfb8b0b", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.37-tuxcare.7 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:a720432a-b830-504d-8ada-a27bcef4f121", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.37-tuxcare.7 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:c3caa441-ce70-575d-865e-31c46be91eb5", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.37-tuxcare.7 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:45c318ce-79f9-5330-b82b-1d983a7a2fe0", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.37-tuxcare.7 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:09b12933-114d-551b-aee0-e89cd514467c", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.37-tuxcare.7 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:2907b4e5-b0f9-54af-bd29-a5e6f553d1bf", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.37-tuxcare.7 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:e47826a1-c668-5a9f-8bbd-19ead44dd784", "id": "CVE-2024-38828", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38828 affects version 5.3.37-tuxcare.7 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:cd2edfc6-ff73-5b01-9e6d-3a5751e57959", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.37-tuxcare.7 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:8aa7c7d1-5e5a-553e-b659-0031c766fefd", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 5.3.37-tuxcare.7 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:c13b6d82-37c5-5aad-9858-2ef894a5e388", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.37-tuxcare.7 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:d6406cf7-2edd-5c54-bf36-4d24f331b049", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 5.3.37-tuxcare.7 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:af351b96-6daa-562b-8a5a-0d93b6754428", "id": "CVE-2026-22735", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22735 is fixed in version 5.3.37-tuxcare.7 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:1390a8e6-c762-5e96-ad25-55b048aee2bb", "id": "CVE-2026-22737", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22737 is fixed in version 5.3.37-tuxcare.7 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:e16a41dc-47dd-5792-aa9d-78c9c65a2b88", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.37-tuxcare.7 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:84319d56-61a0-591c-9269-e1fb31184bc8", "id": "CVE-2026-22741", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22741 is fixed in version 5.3.37-tuxcare.7 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:481582ff-78e9-577a-bc89-9c738d6fecf4", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 5.3.37-tuxcare.7 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:fc377ba5-69b3-54b1-bed9-636ad8316543", "id": "CVE-2026-41838", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41838 is fixed in version 5.3.37-tuxcare.7 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:83da49f2-20ad-55fd-b4f4-020da9a08299", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.37-tuxcare.7 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:24ffa835-94a8-5ff8-962f-217a7f0f74f4", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.37-tuxcare.7 of org.springframework:spring-websocket. already_fixed \u2014 The target repository (Spring Framework 5.3.37-tuxcare.6) already contains both fixes for CVE-2026-41840. The fixes were backported on June 8, 2026 via commit 648b33d0a3 as part of CVE-2026-22740 remediation, which addresses the same multipart memory leak vulnerability." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:e100babc-e1ea-5556-8d8c-abd14ba25ae3", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.37-tuxcare.7 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:3ca34778-cb3e-5753-abcb-f4de69c8e60e", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.37-tuxcare.7 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:4df42a9b-1b1c-5a48-9479-72cca0a8f6bb", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.37-tuxcare.7 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:b32a6c3e-fd45-5847-9a86-e913b4c4ee00", "id": "CVE-2026-41844", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41844 is fixed in version 5.3.37-tuxcare.7 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:2a3f8735-cdc3-5a9a-96c1-6ac33f6d33dd", "id": "CVE-2026-41845", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41845 is fixed in version 5.3.37-tuxcare.7 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:df642017-d1f4-5f8f-bb3c-acee2379e4d1", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.37-tuxcare.7 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:e3a369f8-292d-5115-bbf3-d79a56e07648", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.37-tuxcare.7 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:ab24eaa3-8243-5ec4-9482-9084e717f251", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.37-tuxcare.7 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:2f076291-962c-56d3-bb0c-b7c699b1c53e", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.37-tuxcare.7 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:9ff08569-601e-5205-8683-8fb09e3501b4", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.37-tuxcare.7 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:07f07146-0576-519c-bf1f-77a439f42621", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.37-tuxcare.7 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:25a26b3e-4f25-57c8-a81d-ef61b915e50e", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.37-tuxcare.7 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:6a2a7e4b-e412-5488-a4bd-cf1a5e7d4983", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.37-tuxcare.7 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.37-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:026a87aa-5a8b-5d23-b49c-b03e0721b263", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.37-tuxcare.7 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.37-tuxcare.7" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.37-tuxcare.7" } ] }