{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:4aefa4b9-4cf9-59dd-a5ea-bb100742414d", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-websocket@4.3.30.RELEASE-tuxcare.2", "type": "library", "group": "org.springframework", "name": "spring-websocket", "version": "4.3.30.RELEASE-tuxcare.2", "purl": "pkg:maven/org.springframework/spring-websocket@4.3.30.RELEASE-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:10f31108-2b36-5109-be5f-f8faffaea404", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1beeb1db-e2d6-52f8-b481-0e486605491a", "id": "CVE-2020-5397", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5397 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e6873133-dce0-597e-a4e7-1aa6838251fd", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b1275a5d-fb5c-5364-96ae-7e20d3d0653f", "id": "CVE-2021-22060", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22060 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c2d66592-1a82-5e13-b9fd-7256180f3c06", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:df346e8b-ef56-5cc2-9d34-d1efa6fa495b", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:72415ad5-2a84-5c3f-a631-acd0cd621bf3", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9513f65a-7c18-518b-94a7-620b8119d055", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:852a0e78-062e-526d-be83-1b847ada1d2a", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f0d9152f-2d9d-5366-8b53-932edbbe5863", "id": "CVE-2022-22970", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22970 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:dbdce9b5-e144-5009-a899-0d75eae77792", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ecbe8513-be46-53c2-b13b-31dfa8125aae", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a041ed3f-345b-551a-980d-4edd2c1b8dce", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0b48d44c-d55f-5d42-b7f8-6df220c44a53", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:719dade7-6d33-588f-ade5-b5e82512be75", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2437e23d-213e-524a-8092-3a9be597c691", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:17800d72-2cc7-51f5-9cf5-e43909bdee60", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2e74e66e-a0f1-5494-b363-60455bddc0e6", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7aca9b91-7361-529f-b7ac-03c4d615661d", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c45931a7-1b8c-5aca-ab80-ee2d38061ec1", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:23a74c52-951d-5f5b-85fa-a353fd5fb122", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:59667f8b-f439-5967-8889-bac4e3fd7448", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:696bdd6d-2299-52aa-9f1a-f1a135277a7a", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7bee12ed-ac13-5479-bfcc-a390e39e449f", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f46f4b63-e95a-51d5-9011-b6f317ca1e6d", "id": "CVE-2026-22740", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-22740 does not affect version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-websocket. CVE-2026-22740 is a WebFlux-specific vulnerability (reactive multipart temp-file cleanup in org.springframework.http.codec.multipart.MultipartHttpMessageReader / PartGenerator). Spring Framework 4.3.30.RELEASE predates WebFlux entirely - the org.springframework.http.codec package does not exist in this version, and there is no reactive multipart code path. Per NVD, affected versions are 5.3.x, 6.1.x, 6.2.x, 7.0.x only; Spring 4.x is not in the affected range." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:03c80b6c-e3ed-5340-a3e7-87ec07e6fb42", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:667110e8-0bf8-588a-adaa-d95adabe44cc", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:85d58393-ace4-53d2-81f8-bf92ef206dea", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:69ba2ead-ec5f-59ca-ab5e-0c4a51dd2a0b", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:19d309ab-5496-5d00-b79b-eed536df7c3e", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:aad4d2bd-c990-5b81-b4e9-849da833a4f2", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:938ac313-6329-5dc6-a041-100c68436461", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:039e7f69-b940-590e-8833-abd32c540148", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:655ea375-278a-552e-b704-ddb1ca99dbb6", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:bd263bf2-1638-5b80-99cc-3cd4babffe1a", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:56f8a873-1968-5749-ba68-4333c550add8", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5eeb58dc-97cb-5b7e-93a4-407952e8050e", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c8b4c417-5463-587f-915d-7853e7b688ca", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:da987203-a9c1-55f1-95a7-57aa9dede161", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.3.30.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:530a369a-6212-55e0-ac5f-578162573ae2", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 4.3.30.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.3.30.RELEASE-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.3.30.RELEASE-tuxcare.2" } ] }