{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:00fc52a9-73a1-5712-8b01-a87c13ae009c", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-websocket@5.2.13.RELEASE-tuxcare.2", "type": "library", "group": "org.springframework", "name": "spring-websocket", "version": "5.2.13.RELEASE-tuxcare.2", "purl": "pkg:maven/org.springframework/spring-websocket@5.2.13.RELEASE-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:1e56da08-aae4-597d-847d-867d071971a1", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ecd5d8bd-3341-5c6e-9b64-f5782e99e929", "id": "CVE-2021-22060", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22060 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7059ba96-8005-5622-82f6-0e8a4fc8ea50", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ba43619f-4426-5afc-ba60-0eb13ff29d5e", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8822723b-a534-5ea7-934a-56547a1951fa", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:659e312d-1219-51d6-b313-0ff35c25c5fa", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e7dcf540-1c29-5e7b-adbe-690db4a417ce", "id": "CVE-2022-22968", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22968 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c1886ab5-56d8-5298-b810-e6e28753a2c5", "id": "CVE-2022-22970", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22970 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e79d082f-7d48-57a1-a45d-1f41d6a379e7", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4c2775da-7915-55ef-9108-05be7f383bd4", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c48176d4-de58-59ad-841b-ffb52763b0e0", "id": "CVE-2023-20863", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20863 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9cac425e-4c92-5344-a2a0-c02f5148821a", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8ea52e61-a10d-5b70-b19c-05d9ad36d06a", "id": "CVE-2024-22259", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22259 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c86303cf-e130-56b4-a823-777fc7be17d9", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:62d88b99-a07c-575e-ab80-5a226911962b", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8cbbadc4-cb2b-5927-ad71-84569dfed9c6", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:20dc5184-1d9d-5d70-9bd0-1703c66b1955", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e8ffbefb-dfc2-51d8-81ca-3827c4e812a1", "id": "CVE-2024-38820", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38820 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ef57c40f-de1e-54f3-b044-5966278b25d5", "id": "CVE-2024-38828", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38828 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2dfb6846-f246-53bd-a7ca-5362fd258056", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:dba855af-640a-5950-b170-5344cf8968a7", "id": "CVE-2025-41234", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41234 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:94ff1d38-f47a-5dba-8059-e53bdec3e279", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6c50eaa5-6a75-5ef1-af8b-5b1db171176f", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:37bb3b6b-8377-59bf-bd56-85305c4be6a0", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:40e45bf8-427c-51a1-902b-fab043a58c29", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4fc628dc-1637-5908-9cea-8a39d5987234", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a7db3000-2bec-54f8-929a-53c5d8bf1492", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2e8fc142-0a8c-5181-9b3d-7bd428bf0d9d", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9bdba8ce-b6f9-5f30-814a-666f6d0bbfbd", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-websocket. not_affected \u2014 Version 5.2.13.RELEASE uses a fundamentally different multipart parsing architecture (Synchronoss NIO library) that does not contain the vulnerable components targeted by CVE-2026-41840. The CVE explicitly lists affected versions starting at 5.3.0+, and the patches fix issues in PartGenerator and MultipartParser classes that do not exist in this version." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:bc8e1e36-d2f7-5578-8a94-d1a72e01fa64", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d2a30651-0177-5b91-a6d1-7dd252646a94", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:907290ef-f487-5fc4-91c7-8591c8cca512", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c3805004-d8db-5445-8922-3ac30d876d2d", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0a43720b-b4a9-5134-803e-e99bf603f6e3", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6c9b7cfc-fc23-556e-aafb-39573cffdfc2", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f00cf639-d7cf-55ae-9681-5c508b7d0df4", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:45b8ff17-ace9-5d19-90cc-fc0c369c39f9", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9b97a448-93c1-5926-9b28-f935c2a46114", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fe1c06c6-db20-5c7e-a5cf-909e43c724ff", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e61399a0-a9b2-53c1-a011-a471c1901952", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:892de524-8c92-5703-b4dd-e9340dc79de7", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:529f9711-0cc1-5667-bcdd-eff513fbe305", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3314bbee-8207-59e1-8a73-5be4aa0d6dc7", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.13.RELEASE-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.13.RELEASE-tuxcare.2" } ] }