{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:14acb050-af3a-502a-99bd-bed97ee51cc8", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-websocket@5.2.13.RELEASE-tuxcare.3", "type": "library", "group": "org.springframework", "name": "spring-websocket", "version": "5.2.13.RELEASE-tuxcare.3", "purl": "pkg:maven/org.springframework/spring-websocket@5.2.13.RELEASE-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:3461f609-40c4-51b9-9c37-b2b0e7326c02", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5fd81125-81cc-5d62-91ad-32d261468616", "id": "CVE-2021-22060", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22060 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e73c9534-3e16-5582-bb47-b2250fbfc739", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8887c225-4433-5918-ac93-81bc6f10e3b1", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:04870162-e0f8-5367-b763-91cee400e60b", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:cbfa4e16-6192-5b01-8eed-0e7ef84cc801", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:851c9372-42f8-52b5-aeb5-4c5219b94693", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ad8a2c42-63b3-5948-b9e0-8bd48eb8e17b", "id": "CVE-2022-22970", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22970 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:db184401-17ab-5301-8a8c-01c5fab581f9", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5ce2a635-2246-54fa-84c3-709ec8ec0a2e", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f22fd77e-e712-5e99-adc1-a8bc220e13b6", "id": "CVE-2023-20863", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20863 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:77d09714-894f-50b5-add7-8910086bff97", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4378c121-ba98-5cb0-9324-8118b7a30e2c", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3f9b6092-8af7-5719-b90f-b767e15bd740", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:0d3d7eaa-db27-5993-ac48-2b23416b61b2", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:fbe60f03-cffd-5173-9926-92f28ce63ab1", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f97e5fb1-1a17-5207-b5ab-4cb235106cec", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6c96e0b7-7f81-5d3c-b153-b990849eadd8", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:67f8d6b4-fc79-5231-814c-a94296bbbb4b", "id": "CVE-2024-38828", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38828 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:033ad93f-e980-5c32-b706-890360689990", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:568ea1fb-34c5-5dbc-9b52-46618410e7a8", "id": "CVE-2025-41234", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41234 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6dc99f81-81d4-556f-91a4-bb20f11d18c3", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f0e15b8c-059d-5666-ad87-b75eaae813cf", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:77409e78-249e-5801-ad28-61925d7e1eb3", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ab46beb1-7fcd-58c9-baba-ffda4231f2de", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:300bb8f6-6e9a-5094-88c7-60d3539edc93", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:99db13ee-d2e2-53ba-a14c-15af210fc22d", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e97b6753-6af1-5738-9dc2-15a24d6232f9", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9219ce60-0532-581c-933e-88ff2a1307d9", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-websocket. not_affected \u2014 Version 5.2.13.RELEASE uses a fundamentally different multipart parsing architecture (Synchronoss NIO library) that does not contain the vulnerable components targeted by CVE-2026-41840. The CVE explicitly lists affected versions starting at 5.3.0+, and the patches fix issues in PartGenerator and MultipartParser classes that do not exist in this version." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:111cf617-1930-51ed-ba67-2a5bb3dc5243", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:0dc56a59-adb9-5c1a-80e9-a9e00c00412f", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5f254e07-2a1a-5261-961c-fb0d6b10b4c0", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c86f1653-3532-51d1-9ebb-079f78dc4769", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b86470da-5061-537d-aff7-9b7b7b8a0133", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8078701b-a215-5ca0-be26-2f6cba544c2f", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:19bdcfb9-1200-5d21-a989-356ecc5f16d6", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:67c95fe5-47fc-59d7-92b3-7f30e852b0b1", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b51b9248-a023-546a-b003-455bfcd92c81", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e9ff90bd-c818-5624-9471-d54c3de59e25", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4c3de7a5-65f2-579c-a502-f9fed6ff47ae", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:0e3861f1-c1d0-590e-9644-61da177d7e62", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:83c6f588-c0fd-5165-8627-89734b698e6c", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.13.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:af0bbfcd-fcd7-5179-92cb-492cb50b3e80", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.2.13.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.13.RELEASE-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.13.RELEASE-tuxcare.3" } ] }