{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:015b0d0f-aa97-573c-9e21-f47b8cb6b0a1", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.2", "type": "library", "group": "org.springframework", "name": "spring-websocket", "version": "5.2.0.RELEASE-tuxcare.2", "purl": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:07c2310e-c916-5106-a50c-962549e4a136", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a992b7f4-a8b8-5249-9bf4-17b3aa17f061", "id": "CVE-2020-5397", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5397 affects version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f78ddddb-ca8a-51d4-a735-00b5e15f7bda", "id": "CVE-2020-5398", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2020-5398 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4374f952-4522-5b92-af4e-6319dea87571", "id": "CVE-2020-5421", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2020-5421 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e4e6b47a-3514-5047-bd61-2752fbfa391b", "id": "CVE-2021-22060", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-22060 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d936f62f-26d7-59ca-967a-ea15f2682b4e", "id": "CVE-2021-22096", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-22096 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1fed64e9-223d-5530-85f8-ecb250688baa", "id": "CVE-2021-22118", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-22118 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:da1b87e1-2ef5-5709-b449-8dd787cd31b8", "id": "CVE-2022-22950", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22950 affects version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a1ada373-897e-5f19-bd55-135eaaab0805", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2ee82d94-f40f-5ee7-a759-849acfd84942", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:bda0c103-bedd-5e4c-8cfc-4495ed2ff7c1", "id": "CVE-2022-22970", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22970 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:762f7a62-b680-5f8f-9855-33ecace09c10", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7cad0638-30ee-5b04-a81b-c239c21f08b9", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6ae44cea-2124-5bb8-aa05-6c8f5bd8197b", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:59c144a7-af3e-53e5-9537-1fd9004c2214", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:66a53ba2-b72a-56c3-a0a5-f009f3064063", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:30d505f4-310c-5a37-98fd-bf2a5fec65a1", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8ad5c60e-d1a2-580c-9fd3-aedd49ca7776", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a9297717-04df-57c1-b7ff-1e47e9cf9d2a", "id": "CVE-2024-38809", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2024-38809 is a false positive for org.springframework:spring-websocket 5.2.0.RELEASE-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b16119c1-68a8-5271-bbe9-08c1b8963b3c", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7acfe5f2-f5e9-5b10-873c-76e6386c82ce", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f35c332f-d220-5f4d-8959-f4ea9b7d184a", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b1392da4-5f7c-52dd-bf30-df5a35898fc9", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4bf47468-0abd-51f3-8be3-b846bc02f55c", "id": "CVE-2025-41249", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41249 is a false positive for org.springframework:spring-websocket 5.2.0.RELEASE-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c4dee552-a732-52d3-8b0b-63afb14b4021", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fe77777a-0170-570e-8530-e097ea4fcdce", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:aa95d635-6f60-5554-9ba8-5a4752a3a867", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:dc500394-3c43-5c7d-af40-fb85abb77b08", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c3944573-97d7-50b4-9fbe-4eef9ac1f70e", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:30aa90d3-d284-5d41-8fbb-528ccf2e2e04", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e897a8cd-82fb-5634-b477-799379364c21", "id": "CVE-2026-41840", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41840 affects version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3cf68ecc-69c8-5eab-83a2-67dfe818b981", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d1538373-7b55-5aef-b724-30607d121d76", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e66c1a2b-d34d-5088-9555-4ef33804eca4", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3c39a9ce-79d2-5005-bbe7-d38fe5a7257a", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:14b53e5f-da2f-5f0b-a53b-2eed287351da", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:123b4a9f-540d-5f1d-a152-6460a33b3571", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:59ca9a49-48bc-5517-bfc7-6a87d933652f", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4a9c1ef9-48fc-5466-a277-43d897763923", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8afad314-cb6a-582a-ad1c-d92c4090def5", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a9690a4c-01f5-5b52-893f-0d6ac7fbc510", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6fe7d6b6-6959-534d-81b6-6dcace9952cd", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:85a89afe-8cf9-5312-a091-1336b3f8bd45", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1977fc41-c5a3-56dc-8f02-9ed7c2005b40", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:bdac70d6-95f7-5cb0-a67f-87e0df7dfbef", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.2" } ] }