{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:b2ddf3d9-3c6c-57c2-be4d-3310b92083ac", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-websocket@4.1.7.RELEASE-tuxcare.4", "type": "library", "group": "org.springframework", "name": "spring-websocket", "version": "4.1.7.RELEASE-tuxcare.4", "purl": "pkg:maven/org.springframework/spring-websocket@4.1.7.RELEASE-tuxcare.4" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:77627616-8196-5a3d-9f47-d4045abdf05a", "id": "CVE-2015-5211", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2015-5211 is fixed in version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:2df3e812-2002-57f9-8e06-4764b992b593", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:606ebd22-de12-5ea8-92c0-67539a3934f2", "id": "CVE-2016-5007", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2016-5007 is fixed in version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:531191d0-48a4-5340-90ad-cb0b6ce5d573", "id": "CVE-2018-11039", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-11039 is fixed in version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d30db11c-c881-5650-8813-2a34947232f1", "id": "CVE-2018-11040", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-11040 is fixed in version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:592d9ab6-957f-57bc-bede-6405e89d2717", "id": "CVE-2018-1257", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1257 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ffba32cf-0a64-5ec8-9a3b-2a636c661f8b", "id": "CVE-2018-1270", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1270 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:61d25b47-6348-5c7b-8f28-2ffede1c2914", "id": "CVE-2018-1271", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-1271 is fixed in version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:de34959c-7521-5969-b2c3-e18426fba256", "id": "CVE-2018-1272", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-1272 is fixed in version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b5aab0a7-d958-5d41-b9fc-225b1ed7e629", "id": "CVE-2018-1275", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1275 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:6ac02bd7-ecaf-5b89-9523-c8b3b5ed83e4", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:65fec36e-b5ef-5a0f-ad35-54039e6c4cb8", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:8fe41a9f-e8dc-5fa4-8e59-72d08ada307d", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e9e2e92b-d419-5812-9ad5-051d2c77cd41", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:41959c1e-b79c-52f8-8a61-c5b6e6db9531", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:0fc411ab-740e-535e-b993-4f92ebcd8eb6", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c341b481-6801-53e3-8853-75121220ac00", "id": "CVE-2022-22970", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22970 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:60cab861-abba-53ec-a27d-eed5077ca572", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:39a921e1-0522-547b-978a-5a645b5b8568", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:db74df68-f5b4-548d-9aae-1977fdda23a4", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:1d810a45-dd54-5470-b908-f88a8d238a0d", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:f2982680-d4ca-5e53-8c82-100fb79818b7", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d061311a-7d1b-55e4-950e-12c413dd814f", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d457d22b-d5a2-5a31-a844-888cb22724b5", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:8eacba35-33ab-5ebb-b52f-fc538be91610", "id": "CVE-2024-38809", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38809 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a459fb43-8ff2-5f74-bd0f-29fd1f020197", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:2314e99f-115e-565c-8d09-bec64332cb41", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a8ee47be-ba66-54dc-bfb3-dcac9fd95eb4", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ef0b6ef3-68e8-585d-ae68-eba2672ee22b", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:330c19ef-3aae-58dd-84b6-900a9813392b", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:62ed8b85-811b-5cde-b558-d4f926fffec6", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:4d4fd81b-24ae-59a0-85e4-c6d710600b66", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:f374ddaa-dabf-5020-8867-7944dc1a68b2", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c178cf79-f5bd-5221-b105-db8a36bb8838", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b40fd60f-2ab4-5fb9-a533-af7e8536bf0a", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:2755e751-b190-5bc1-ab3d-25aa8eb1a2e5", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b1cff7b7-7b52-5401-9853-38a65c626cef", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:4e7a6139-9723-52f2-af40-09ee7b6ede16", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:1d8be623-aa2a-584f-bb3c-aedc88d5ffd3", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ebf42bf1-e5fb-5ba2-9c71-fc4607783a71", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a76c7c0f-eeab-5395-9241-77f3984cb279", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:7f68b271-3e9d-558d-a1a3-d17cc8019e70", "id": "CVE-2026-41852", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41852 does not affect version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-websocket. not_affected \u2014 Spring Framework 4.1.7.RELEASE is not affected by CVE-2026-41852. The vulnerability requires record-style property accessor support (empty-prefix method lookup), which was introduced in Spring 5.2+ and does not exist in version 4.1.7. While this version lacks void return type validation for getter methods, it cannot invoke arbitrary zero-argument methods as described in the CVE." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:0d0360a2-08fe-533a-8d5a-45e199892f50", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.1.7.RELEASE-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:869b836e-68c9-5f85-89ca-c836b32492c4", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 4.1.7.RELEASE-tuxcare.4 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.1.7.RELEASE-tuxcare.4" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.1.7.RELEASE-tuxcare.4" } ] }