{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:08873434-0532-5719-8c87-96ab07c5f985", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-websocket@4.1.7.RELEASE-tuxcare.3", "type": "library", "group": "org.springframework", "name": "spring-websocket", "version": "4.1.7.RELEASE-tuxcare.3", "purl": "pkg:maven/org.springframework/spring-websocket@4.1.7.RELEASE-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:00817c67-4ef4-57c8-9027-e777c2e05fbb", "id": "CVE-2015-5211", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2015-5211 is fixed in version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2997ad60-7d7a-5c65-80a8-872fd6c85ac4", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:624f8663-c914-50c7-99b0-244ef352be00", "id": "CVE-2016-5007", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2016-5007 is fixed in version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ea6949e5-f65c-5425-80d8-a108dd1c1ca0", "id": "CVE-2018-11039", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-11039 is fixed in version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9a4f382f-fa8c-54de-886b-ed0e233b2893", "id": "CVE-2018-11040", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-11040 is fixed in version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:61843899-f39b-5185-830c-d2c75bcb2a73", "id": "CVE-2018-1257", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1257 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:98e76f2e-b668-5620-9d34-4e6663b14725", "id": "CVE-2018-1270", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1270 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f442da6d-d29b-5e74-914d-9f03f289a334", "id": "CVE-2018-1271", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-1271 is fixed in version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b0e2abf6-7e8e-51e4-88bd-4a4b32cea99f", "id": "CVE-2018-1272", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-1272 is fixed in version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:32207574-c2d9-55e0-a660-693e5d4ea34d", "id": "CVE-2018-1275", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1275 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:72fb1b99-0234-597e-ae56-40ca03cba950", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4918650d-e270-5e98-b9cb-b699392e4377", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c41ff8a3-09b6-5805-ab6e-6116865ae565", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:106e2315-e6ad-5231-bfcc-cb740a8d60ec", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f8f97a18-e4d8-5aa6-b8dd-27803f2e0f70", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e0772dba-c281-5d46-8319-251acba1e2a6", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d06defba-5271-5330-9d01-4f3fd612976c", "id": "CVE-2022-22970", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22970 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f6617f80-0e16-5a28-87bb-58009bce771c", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f3631256-f56b-5833-82ac-3e7e40ccfb4a", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a23e4a2d-af35-5199-8c42-3d0e16d58b05", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c5b18ccd-c465-5c39-a49b-79c9d1e6b097", "id": "CVE-2024-22243", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22243 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:02a21996-303c-5212-bfc5-e87dfae3fe33", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:970516eb-245f-5dcf-8d73-63edbfe0b7f6", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2f60c275-171d-5267-88d3-2f38584396c7", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4aaa222d-7bd1-5397-9925-16073c591b46", "id": "CVE-2024-38809", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38809 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:35070761-5f4a-536a-bea9-14120615a13b", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:cb58ad47-8c36-5cac-99cd-1351a9bd48d6", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c1834a35-fda1-5c7f-9301-f994ecb1ce93", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b873bb0b-5a58-537d-a42b-6fc8b0cb33c9", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d4cc9b81-ba67-56fe-8d12-15384203b48d", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b1a5bc4f-4cfd-50c2-aa1b-44c0520f61e7", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2feaf4c6-dab3-568c-a3cf-53dba6f5634c", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3569b998-d67a-510c-8b0f-f43cd0b9febb", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1c1acee3-7f05-5f73-b833-3491acb6e70a", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:42579a78-a485-59a0-a25e-29162d17d97b", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:40f20cf2-bfdc-5ac0-bde6-4ae01b45639a", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6a913e4e-d77d-5e8e-a7db-e87ea0b4fb7d", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:751ce195-7037-5d03-8932-f5b6787e3cde", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8dfb5a44-1806-5922-8ee0-9415e983b4d7", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8cb10e62-2b73-576b-92b7-f8cfe2a44a57", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c006ce4c-37e4-5dff-b335-893161b6ae12", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a3dd38ed-6535-5f85-a70a-9b13fb9c9699", "id": "CVE-2026-41852", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41852 does not affect version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-websocket. not_affected \u2014 Spring Framework 4.1.7.RELEASE is not affected by CVE-2026-41852. The vulnerability requires record-style property accessor support (empty-prefix method lookup), which was introduced in Spring 5.2+ and does not exist in version 4.1.7. While this version lacks void return type validation for getter methods, it cannot invoke arbitrary zero-argument methods as described in the CVE." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ba485cc1-5c9a-53ab-819b-3d8859eb9243", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.1.7.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d9d726af-2d35-52f2-b4f6-3eb4fbec2f78", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 4.1.7.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.1.7.RELEASE-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.1.7.RELEASE-tuxcare.3" } ] }