{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:0fdb513b-7b79-5ad0-8396-149094c7a4c1", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-websocket@5.3.27-tuxcare.3", "type": "library", "group": "org.springframework", "name": "spring-websocket", "version": "5.3.27-tuxcare.3", "purl": "pkg:maven/org.springframework/spring-websocket@5.3.27-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:ace620bd-8c2e-5c01-bc7d-5cb98e54cb13", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.27-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ad4e3c71-4f97-598d-96b6-4ec26944ad2e", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.27-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:06c09b34-34b3-5b34-9d73-e3139c89adbe", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.27-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2920f520-5570-53d0-872d-eafd5995e06f", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.27-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:7d5ae31e-43d9-5fe1-a95c-bf144a024735", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.27-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:605bc529-5cf4-5183-9c9d-baacc21c1c6f", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.27-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4920e75a-9535-518a-bae0-cf98e494da98", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.27-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:267cc8a3-7e06-5651-9f1f-b7b246fdaf75", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.27-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:408cca12-e56c-5903-89a7-8c10b602c7e4", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.27-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:96d027df-230d-5f04-abe9-e33ea2891514", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.27-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:927f6eb9-d78e-5f49-8ad5-99658c158afb", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.27-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:07f414c7-7e73-55e1-ae14-db056556fe09", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-websocket 5.3.27-tuxcare.3." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2e7c654b-df2f-5d61-93d5-f8de39c7e71a", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.27-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2714aa53-5983-5f3f-8ba5-3f18cd7a852c", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.3.27-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:908ea882-0abf-5e51-8cbc-722221159f33", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.27-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:264b1068-a6c6-5b8a-9c3c-9a1a526afa8b", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.27-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d16b3217-0292-56a5-a916-55e61f3fa0a0", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.27-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c2e1c24f-c059-5638-afe5-fc1405bc41a4", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.3.27-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9683aee5-f796-5002-b560-f2371f90c2e4", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.27-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:7224898f-dd31-5bad-abb9-c739067725af", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.27-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4f2c2ad4-415a-54b1-ab3b-e1fbc66a4d58", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.27-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c8df8016-1578-5eeb-9fca-bd34b7655ecd", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.27-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:74dd3c8f-49b4-5fe4-bbee-989fb95a37a1", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.27-tuxcare.3 of org.springframework:spring-websocket. already_fixed \u2014 The target repository (Spring Framework 5.3.27-tuxcare.5) already contains the fix for CVE-2026-41840. The vulnerability was previously addressed through backport commits for CVE-2026-22740, which applied the identical doOnDiscard cleanup logic to prevent resource exhaustion from multipart request processing." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:97472ae2-131e-5ec2-b368-45d6e91970a8", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.27-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b18f7c11-6d46-586d-aa21-44e41566ef6b", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.27-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6edb7fb3-30cb-5abb-9fee-82f75db55f92", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.27-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:15d89040-94d3-5295-a7b4-000df152c82b", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.27-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:92b36071-e653-5e5d-9f68-9c0a81a916ee", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.27-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6cc9171f-bd68-588a-af43-30f47ff5a27f", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.27-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:186cdf9f-6e5b-53ef-bee1-da0f64a02b5a", "id": "CVE-2026-41847", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41847 does not affect version 5.3.27-tuxcare.3 of org.springframework:spring-websocket. already_fixed \u2014 The target repository (Spring Framework 5.3.27-tuxcare.5) already contains the fix for CVE-2026-41847. The upstream commit 07ba95739bf4451742e4ee6b4d4b2d0ee5f701bf is present in the current branch, and source code inspection confirms the vulnerability has been patched." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:03d5e631-da3c-5c93-924c-5f2ac7c67045", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.27-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:654e5939-d8fc-57a2-8b72-57706bd7c590", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.27-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:275974b9-b011-5744-bb15-ad8e21dcbec2", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.27-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f2b0a92c-9956-52f3-a72d-ff1ab469b908", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.27-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3b3010d0-0b8b-5a17-844c-848974973053", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.27-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a3e248f8-c8c2-54da-9d41-094058084b9c", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.27-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.27-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:bc9d2898-6e63-547c-8aa7-ad810e16d19a", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.27-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.27-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.27-tuxcare.3" } ] }