{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:e6d8c24f-3b18-5864-a249-1a695f4c271e", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-websocket@4.3.30.RELEASE-tuxcare.3", "type": "library", "group": "org.springframework", "name": "spring-websocket", "version": "4.3.30.RELEASE-tuxcare.3", "purl": "pkg:maven/org.springframework/spring-websocket@4.3.30.RELEASE-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:72565f32-1bc8-5b94-ae20-e7729ac89e1b", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:385fa595-191e-50f7-898c-056e9362d5f3", "id": "CVE-2020-5397", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5397 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:fef91897-f8af-5025-8c93-372bf3b0dd29", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:0b63e30c-922a-55b8-88bb-27c47aed7789", "id": "CVE-2021-22060", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22060 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e06a53fb-f78b-506f-b187-346c777d908f", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c222bb72-d53a-50d2-963c-f6fd19bf0c29", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6cca5089-f5d8-5d1c-bbbc-f5e619622eaa", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9c6a6cac-d56e-5e9e-947b-b941879a6455", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:af5f558e-f32f-5fea-9d9a-580350509d47", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:800a26c9-aef3-5569-acbb-e1af5f53e8e0", "id": "CVE-2022-22970", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22970 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:41d30f4c-6d92-5681-a03b-7b315ba280d8", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:18a4ff0b-b7e9-5215-abbc-bc18044296c9", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:18b15c9e-6233-567a-80c6-9f50db6579cd", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:21c4f9a8-34ad-57cd-94ff-69925c7ce335", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:186fb22d-6fc9-5526-a737-79edec2b7501", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e10e397d-f20b-53d7-80c7-23b442de1761", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:42bcb5a4-aa2b-53da-a1fd-fd9c5a377bbe", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ab2a224a-f6f6-5b6f-b029-732cc366fb72", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a7945325-bb54-5c3a-b324-37e608f0763f", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f061fb2c-9e52-584f-8cbe-7da1536e52c4", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6fb1352e-1207-57da-ba90-b28578c097bd", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:153e3b06-78ed-5b15-87e5-309f9d71e852", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1dc35cee-c55d-5c67-9164-b15174c2fa2d", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:00544536-93ca-51b6-8232-32a79c870b45", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:fe98c4ce-bb1b-556f-9435-668d17ed8828", "id": "CVE-2026-22740", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-22740 does not affect version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-websocket. CVE-2026-22740 is a WebFlux-specific vulnerability (reactive multipart temp-file cleanup in org.springframework.http.codec.multipart.MultipartHttpMessageReader / PartGenerator). Spring Framework 4.3.30.RELEASE predates WebFlux entirely - the org.springframework.http.codec package does not exist in this version, and there is no reactive multipart code path. Per NVD, affected versions are 5.3.x, 6.1.x, 6.2.x, 7.0.x only; Spring 4.x is not in the affected range." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5857ff43-8cb4-5e00-8263-63524f04c82b", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d441dddf-0b5d-53ae-8cb1-af913e731dd0", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f6665926-112d-59dd-9f87-a58a2864bebf", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2f922649-de7f-5260-ba0c-e58de8fd3e3a", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e7885f68-1bfa-5414-874f-91a652c547ce", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:596e7c0a-27d0-5cf8-8a58-4873d0a659c6", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f94e8f91-e473-5d68-bb25-0c38b8880ba6", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:0ad894cb-5b1a-57a0-91fc-5c8f6e63ff0b", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:31e041e0-62fc-55cd-9f87-d6afefd3f1ae", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:504358e3-83f9-5d1d-b034-3e9e41e3faa5", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1484efce-8c1f-54e8-b443-bf77083cd603", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ae3deb3f-a89b-5c09-96e3-5502e41af773", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:231786f7-29fd-54f5-9906-d6833e6b1153", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:fd0babc9-9e56-55a5-a9d6-a3945cef6af1", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:0d864a2a-836b-50a1-a3d0-966261323e67", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.3.30.RELEASE-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.3.30.RELEASE-tuxcare.3" } ] }