{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:fc1abb4e-c63a-5c48-b0a6-5e81d6e4bc4f", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.1", "type": "library", "group": "org.springframework", "name": "spring-websocket", "version": "5.2.0.RELEASE-tuxcare.1", "purl": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:f0c647f4-2a0c-5d42-8094-38a63c7df30e", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5ea34d37-39ba-50d6-92b3-868a0e736f8f", "id": "CVE-2020-5397", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5397 affects version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:bef7cddc-c6f9-5d6d-a375-9b06a5de4e75", "id": "CVE-2020-5398", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2020-5398 is fixed in version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:05a523b2-69f2-5d07-9595-2ef59ab55e41", "id": "CVE-2020-5421", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2020-5421 is fixed in version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6b5aaec9-1776-5a95-855c-7ac18ab572ad", "id": "CVE-2021-22060", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-22060 is fixed in version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d4be3236-931d-54cd-9976-f146f80d5464", "id": "CVE-2021-22096", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-22096 is fixed in version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4633abaf-6072-5c0f-97e8-0ce829bf6d8c", "id": "CVE-2021-22118", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-22118 is fixed in version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:dd0ce0b2-046b-51d4-ad2a-aaec63359d51", "id": "CVE-2022-22950", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22950 affects version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e2aaaef3-daaa-5aa3-be9b-83e3e5c54d18", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:708b53fc-6f2e-5067-9c0f-d1a1d41f77e5", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e6bdf285-c997-5a7c-86c8-b1a079bb5aa6", "id": "CVE-2022-22970", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22970 is fixed in version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f8771902-8817-511b-b370-11157132db33", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fff7123d-e36c-51e0-b24f-871132131597", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:84249d53-e310-5f87-87ed-af9083cade9f", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:66174b2e-ab55-5afa-8bd0-5c31447489b5", "id": "CVE-2024-22243", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22243 affects version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:982bc038-44d6-5f07-b42b-cf1c724879dd", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:28de0e9c-4532-57c4-999d-a859ded3cd72", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ab05cbdb-5bfa-5594-b82e-dc16c3bfbde9", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fe922c61-de1e-550e-ad2e-bcc54726ecd3", "id": "CVE-2024-38809", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2024-38809 is a false positive for org.springframework:spring-websocket 5.2.0.RELEASE-tuxcare.1." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0e4cd299-c0ac-58f8-b83c-d6372135301a", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:16c1abe4-8caf-5f5d-90a2-9ffa92f52c50", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:dae40e4a-214c-5143-a3a5-5c3d6e69fe67", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:787a676b-610e-565a-b698-4bc2cf71d4f4", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f6fc2558-63ed-567c-9e5f-72a945862e5a", "id": "CVE-2025-41249", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41249 is a false positive for org.springframework:spring-websocket 5.2.0.RELEASE-tuxcare.1." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:499e2644-b4bb-5c33-a5ee-4c49b82a49e6", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fc183594-d8b4-5dff-b679-774cfe1112ef", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5464c2fa-fa9f-5a35-9a3c-202ba8eecab1", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e0bf1256-b6c2-5b0e-bb41-f8c4be0555f5", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9134cfc3-be16-575f-b907-5fcd22d3a747", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4f793678-d28a-51d6-964e-5fe5562eb16d", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9b6152fd-eedc-59e9-b63b-b6a8e71684df", "id": "CVE-2026-41840", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41840 affects version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3411c669-9107-5fe2-945e-4d0227b68752", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:77edae41-6398-50d0-81e3-c5624bacfbd8", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e1f78ab6-feb7-5a5e-8aef-c4f0f2f279b1", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9b85c2e0-1f2f-551d-b50d-c84057ae1701", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:dd5ab461-2b0e-5552-921e-f4bc0a3520a1", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4304e2b5-3df6-50f8-b300-411a536bdf0e", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2d934d12-284a-5cdf-b32f-f0e937675141", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:262e5d89-4a10-547a-bf38-ba87dc8a9dd2", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:12da614a-f8bb-5c46-bdb2-1c807a01f9e7", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1f9d2bbc-dfd4-5751-ad43-18f3e79cf88f", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:207ae682-645b-588e-8ebd-611996bd3803", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:61dd91e1-3302-5702-b958-2ed6f81e359a", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:34fdc238-05f4-5184-a679-1c19f8fdf296", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:32d9d768-d79d-537a-8ee2-d7194897ee05", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.1" } ] }