{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:e0733ff4-0ead-553c-a071-c0c5a8edf3fe", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.3", "type": "library", "group": "org.springframework", "name": "spring-websocket", "version": "5.2.0.RELEASE-tuxcare.3", "purl": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:90955d55-506f-51c3-981b-9aeea697cc05", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9bfe1da4-4ba3-5c46-b197-56a7a31718e1", "id": "CVE-2020-5397", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5397 affects version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:79ff8640-756d-5107-8a83-dee365db0266", "id": "CVE-2020-5398", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2020-5398 is fixed in version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8fb05787-5d62-55ac-b957-56037f37a3a0", "id": "CVE-2020-5421", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2020-5421 is fixed in version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a1da380a-de6b-5ce5-ad47-7c87785b286f", "id": "CVE-2021-22060", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-22060 is fixed in version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d102953d-c452-5d45-b7cb-90e6e623b059", "id": "CVE-2021-22096", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-22096 is fixed in version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:06586513-23e3-5b9c-b212-81adb42e7c99", "id": "CVE-2021-22118", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-22118 is fixed in version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6650cb93-da28-5215-aff1-3a168b8fcc09", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:408519bf-d729-5b3b-88fa-6e46d64cd153", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:62238a34-df79-564e-898a-9dea23cde69c", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:432a2e58-db0b-5987-bd53-19758e1abc59", "id": "CVE-2022-22970", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22970 is fixed in version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:852304b2-d796-5fe1-a892-b5f240b1e969", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:203d7d9b-3362-5ff6-a699-69d1b416d592", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8a08d1ca-0591-5dd1-b893-fa4933b1da63", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9cf8f925-6f4f-5ba1-9c5c-de6122ae6341", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:51dbc09d-5f78-584c-92fc-d9decb00d9bb", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4329db5a-f693-5375-bb37-d5330ea9fcef", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ca5aa5c2-0ba3-55c2-863e-672b43fa0e2f", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:777bee4e-aad8-5eb0-ac76-a4ce82425de8", "id": "CVE-2024-38809", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2024-38809 is a false positive for org.springframework:spring-websocket 5.2.0.RELEASE-tuxcare.3." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5d2ac116-abe1-527f-abca-83ae22410451", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2b8847e0-9c3a-54f8-8fdc-1a5c57408eb3", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:fa3168fe-ab0c-5810-9f99-1389fb4a5953", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5bfc4b79-938d-5680-9a7f-591668ae66db", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:78f3463c-fa57-511c-99c7-8b1f6ce6d035", "id": "CVE-2025-41249", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41249 is a false positive for org.springframework:spring-websocket 5.2.0.RELEASE-tuxcare.3." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e1ae1e65-5e93-5941-91d8-6cd0b1041051", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9e7e6538-cae6-5ac5-a574-eaf16988787a", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4d90809c-ad24-5f69-ae15-e1a13cfe2516", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9127740a-1ba1-538c-b10e-c690e223bfc3", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:fee77aa3-902f-5e01-827d-dd0fdaa22d0b", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:0fbdf3ba-acd3-5051-8eb5-14ae201a019f", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2ed29588-7a09-50b6-bbbb-6c04c86d4441", "id": "CVE-2026-41840", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41840 affects version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:7ecf5a36-2d9f-5d36-8024-791d8a05ee82", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:cc7bdcd6-85f0-50ca-a99f-408f2d44e1ba", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3d91ce6f-c4db-5817-a828-b06e6b0bb1bb", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:45a80019-9b71-5647-bfc2-b1a24ce4e09c", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:64156cdf-20cf-5ee6-8327-2412457e9de4", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:cc0e5d8a-1728-5399-b7ea-8de525117eba", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d0a8c610-8201-5c9c-aef6-109ef8a170b2", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:dabfa27b-52ff-5b5f-98fc-99bdd9cb6775", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d1e58878-8a72-59c4-8901-8ffeb46c7ad2", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:75555754-fe4b-5eb4-81a1-ae5f150c62fb", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a24066b8-2142-5933-a11a-4477f93d4eee", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b0ac8d22-ffbc-543e-accf-7b6408aa4271", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f25825d8-f645-5317-bb90-d5eaa3833b43", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5a096215-3ae0-5cad-90cf-735300c4f774", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.2.0.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.3" } ] }