{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:5f142570-909c-5a06-9367-06016b70ffc2", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-websocket@4.3.30.RELEASE-tuxcare.1", "type": "library", "group": "org.springframework", "name": "spring-websocket", "version": "4.3.30.RELEASE-tuxcare.1", "purl": "pkg:maven/org.springframework/spring-websocket@4.3.30.RELEASE-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:e1fce3a8-98f3-5a09-aa49-82f1dfc79a82", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c7c01db4-c6bb-58c9-8bf0-1dd01cd1c9a6", "id": "CVE-2020-5397", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5397 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a15b7748-6716-5808-9fdc-c433fe241c88", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e694adf5-eacc-5815-b684-f9fed81f1afa", "id": "CVE-2021-22060", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22060 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0148a478-179d-5598-92aa-c5496b1c0027", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b0e86d01-f768-5677-80d4-aee6544b3c8f", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5710e836-bf75-5e05-acc5-2390783781f2", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:22bab141-7346-5110-96a6-e76e1106972e", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:960d65b0-09bb-5bcd-b989-9e1af63cc53b", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a82db66c-2237-5e5e-b4b0-d8e975a63c4a", "id": "CVE-2022-22970", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22970 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7ab153bb-d8eb-540a-9654-7559fd0640b2", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:84c7f674-b9b6-54c8-b5e2-3b21102c6603", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:16bc2b7f-aa32-5226-9d97-a334936fec81", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:28033da8-71a9-544f-95b1-8d765d5f3fe1", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d3310db3-012f-5864-ab5d-2d25468e3a8f", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a99f5a4c-a807-5549-8b8c-eaa3cd1595f9", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ed732902-8a2d-5704-8cf9-32f245d8cc33", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1a8824d5-f2d9-543d-baf1-5c3fb5dc8086", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:72467d65-013e-5ff0-acdf-7ffa623c6fd7", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5ed07750-40e6-57bf-a1be-7af5a3829168", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5191725c-dd77-50ae-93e0-896864565405", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e34e1e66-bc00-56da-9881-a56080c74086", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:549c86e7-50c6-5709-9d4e-5d8baeb53f03", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4e13f11c-9919-586f-8d53-2bcc119d7e0c", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c39968c0-4ed6-5c82-a40e-26a1ba77cf63", "id": "CVE-2026-22740", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-22740 does not affect version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-websocket. CVE-2026-22740 is a WebFlux-specific vulnerability (reactive multipart temp-file cleanup in org.springframework.http.codec.multipart.MultipartHttpMessageReader / PartGenerator). Spring Framework 4.3.30.RELEASE predates WebFlux entirely - the org.springframework.http.codec package does not exist in this version, and there is no reactive multipart code path. Per NVD, affected versions are 5.3.x, 6.1.x, 6.2.x, 7.0.x only; Spring 4.x is not in the affected range." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:eae5f9a8-a221-5b2e-9fde-448447927f5f", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d9462158-6900-5639-a5d0-edd0584f32d2", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6227e995-d31f-5c74-9c79-9644cf1803b3", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0ef7917d-7f9e-5971-9358-b924e07c8a41", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:83dd5676-d037-5610-a288-9b6963ac91ba", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1104e1d7-56ac-5150-8012-ad43e0677842", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fcce2f72-8e19-5e9a-a6b7-82d8197e9184", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b08274c3-e6bf-5d9c-8e60-3a00cd8b6e8b", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:50061390-f992-584a-b62b-0d01675c5ba1", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9dfea2b4-9ed1-5382-980d-c0ab1e0dcda8", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d2662f8a-13bd-52ff-9590-9424efdddfa9", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:714dbe29-bedc-536d-a474-464eef10040f", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2c6f37bf-7ea4-5186-9648-364bbbb379c1", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8517f1f9-32e2-54e5-a3b3-382b652bdca4", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.3.30.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:22506f4d-1faa-587b-93f3-813323d65fa6", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 4.3.30.RELEASE-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.3.30.RELEASE-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.3.30.RELEASE-tuxcare.1" } ] }