{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:dd8b2d41-f050-5151-8b89-e03e2ab45e66", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-websocket@5.3.27-tuxcare.4", "type": "library", "group": "org.springframework", "name": "spring-websocket", "version": "5.3.27-tuxcare.4", "purl": "pkg:maven/org.springframework/spring-websocket@5.3.27-tuxcare.4" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:be2b0844-41ca-55bd-aacd-cb3da87886d3", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.27-tuxcare.4 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:abe3c305-6b80-5daa-a135-7a9d192b0db8", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:153bebc7-7cf0-5763-a2b8-a67df9b2a7ad", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:32d30fcd-e150-52f7-98c5-410a9982e06d", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c08008ff-91ed-58ef-b9b9-c5ab4835c35f", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:6ad54abf-96c7-515a-a37e-069ce33305ec", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e1a3f76b-c517-5b06-b18d-e1ba8b834871", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:2dd367b5-ffa2-5013-a584-ea2f831a64d8", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:62d621a8-b5c6-594f-bb0b-fa1b2fb2c231", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:2f047d1e-29a1-5ba9-a5c7-af2728099170", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:deceb0b9-bdb0-5494-ab19-15312a4bbb98", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a112b2ff-5d1e-5571-ad01-1f10f1ec3864", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-websocket 5.3.27-tuxcare.4." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:f3d666df-7546-5db0-8de7-407be2d03d96", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:8ea314b6-43e9-5ef7-b88e-870d93fa90e6", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:3744abba-e0a2-5840-9148-21e1080e8cf6", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e5959a0f-2544-5f13-a70a-ce806f31d1c4", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.27-tuxcare.4 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:4f9162ae-4916-55c6-8704-7352fc881058", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.27-tuxcare.4 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e5528370-6d30-56c1-ab00-8ee31495b07c", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.3.27-tuxcare.4 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:438a0c0e-c878-54f3-b9c1-b03b6756ec5f", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.27-tuxcare.4 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a2cac601-3949-50f0-b0a1-eaf7b3fd89ae", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.27-tuxcare.4 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:447bbbae-5c18-59e8-8fd9-e95c879d48d7", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.27-tuxcare.4 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:fea5210e-6ab2-5780-b1aa-973d1a8e816c", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.27-tuxcare.4 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:cf15a3b1-5ad7-5f84-808f-6676bc023ccf", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.27-tuxcare.4 of org.springframework:spring-websocket. already_fixed \u2014 The target repository (Spring Framework 5.3.27-tuxcare.5) already contains the fix for CVE-2026-41840. The vulnerability was previously addressed through backport commits for CVE-2026-22740, which applied the identical doOnDiscard cleanup logic to prevent resource exhaustion from multipart request processing." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:386288a0-9f2f-5ac7-ab14-ea458726e69b", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.27-tuxcare.4 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:5319b7d9-ccc7-534d-a9e2-eb532c6b183a", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.27-tuxcare.4 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:4da8e395-1a70-5e62-82b9-1aaf37c673b7", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.27-tuxcare.4 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:955822b7-0b6a-559d-ab10-55efee1315e5", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.27-tuxcare.4 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:2628747b-85ec-5c90-85c8-70c4f3dd5d35", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.27-tuxcare.4 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a02aaac9-0819-5f73-9a16-c31bfffc198c", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.27-tuxcare.4 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:10919b01-9519-501c-804d-793f9056eee5", "id": "CVE-2026-41847", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41847 does not affect version 5.3.27-tuxcare.4 of org.springframework:spring-websocket. already_fixed \u2014 The target repository (Spring Framework 5.3.27-tuxcare.5) already contains the fix for CVE-2026-41847. The upstream commit 07ba95739bf4451742e4ee6b4d4b2d0ee5f701bf is present in the current branch, and source code inspection confirms the vulnerability has been patched." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d3aa3ea7-c5e1-5a5b-b74b-331ceea8e7e6", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.27-tuxcare.4 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b21a53ea-356f-5ea4-80d9-7592309dc468", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.27-tuxcare.4 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ad6f2cc4-12c7-5cfe-9905-6511170b904a", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.27-tuxcare.4 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b9771343-8f84-5006-b5f3-ce8be5ec10c7", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.27-tuxcare.4 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:7d21cc2d-00f1-5eca-91b3-7b2f48f423aa", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.27-tuxcare.4 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:f76f1a70-565f-5ebe-9199-3b6f8bdccd2c", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.27-tuxcare.4 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:31617054-656d-5f97-bd72-18222075621d", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.27-tuxcare.4 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.27-tuxcare.4" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.27-tuxcare.4" } ] }