{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:d80e0566-9277-5534-abfa-f5ef5a84561f", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-websocket@5.3.27-tuxcare.5", "type": "library", "group": "org.springframework", "name": "spring-websocket", "version": "5.3.27-tuxcare.5", "purl": "pkg:maven/org.springframework/spring-websocket@5.3.27-tuxcare.5" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:f9068de6-712b-577c-b718-ede0f6eff09e", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.27-tuxcare.5 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:c4f0549b-23d9-5c17-aa72-10b1cf57e0bf", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:e5a10c0a-c4ea-557f-871f-cf361561e3c7", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:84631a8f-e7bf-5fd7-b534-7a121a385f4c", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:5357595e-2e8e-53a3-90ca-60d506fe03aa", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:b6d30870-6208-59d9-8462-1464cb0b31ca", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:7d4f9a89-8cdc-5f2f-8a9d-d85490402df5", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:fd7e61e3-fe31-51f8-b6d6-8969121c3d56", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:bcdd72bd-b40f-5145-ad04-cfac7ff154bd", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:39c5531d-ea62-5b01-931f-4c6502b87efc", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:b66ba37d-314c-5dcc-a1c2-4b60ad88a5b9", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:9d05244f-0165-5550-8a61-684586d30060", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-websocket 5.3.27-tuxcare.5." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:ee2e4550-6999-5501-9088-7ec6bdc948ed", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:705e1160-971c-5ea9-9be6-39e595f557b0", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:5b9c4f5a-0f90-51a5-bd4e-8212b43f3700", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:064c2902-7443-541c-8282-f930098be45f", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.27-tuxcare.5 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:b8db6fc9-6f3d-5884-a5f0-34710a6886a6", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.27-tuxcare.5 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:a013bf70-f02f-5197-b4c4-2627869ee910", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:3d831b18-0cbf-55a6-a0f0-0f557cbbc0f9", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.27-tuxcare.5 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:b33459b6-d458-5fa7-a58c-c491adf41532", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.27-tuxcare.5 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:0c90ca82-8ec4-5125-9851-e1e2aa86a4ce", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.27-tuxcare.5 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:686060fd-08c5-57bb-a583-f09ace04dd4b", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.27-tuxcare.5 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:d7a8abe8-a5fa-5874-96cf-cbb19848914f", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.27-tuxcare.5 of org.springframework:spring-websocket. already_fixed \u2014 The target repository (Spring Framework 5.3.27-tuxcare.5) already contains the fix for CVE-2026-41840. The vulnerability was previously addressed through backport commits for CVE-2026-22740, which applied the identical doOnDiscard cleanup logic to prevent resource exhaustion from multipart request processing." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:7ff3e593-08e2-5698-8c09-477885fe2c51", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.27-tuxcare.5 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:e67d3a16-ab34-5310-a95b-8a065b332fd9", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.27-tuxcare.5 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:d7a6cf0a-71d9-5afe-9174-4557ed734fde", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.27-tuxcare.5 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:cd6d6821-6a64-5ae8-996a-60a7ac3ac3b0", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.27-tuxcare.5 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:769a9221-2a62-5f6a-a484-b92e72fe0395", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.27-tuxcare.5 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:5080b620-7dc5-5dbb-8764-b0aa0f1e9427", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.27-tuxcare.5 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:72ca3300-60d1-56c3-beca-35e40985938d", "id": "CVE-2026-41847", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41847 does not affect version 5.3.27-tuxcare.5 of org.springframework:spring-websocket. already_fixed \u2014 The target repository (Spring Framework 5.3.27-tuxcare.5) already contains the fix for CVE-2026-41847. The upstream commit 07ba95739bf4451742e4ee6b4d4b2d0ee5f701bf is present in the current branch, and source code inspection confirms the vulnerability has been patched." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:3d07c1aa-e4c2-5a4b-bca3-b42f87c2f096", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.27-tuxcare.5 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:fdcf19b2-e1f7-591b-9de3-2a2c590c4fce", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.27-tuxcare.5 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:f06f1031-48d0-5d9b-b7f1-828262525072", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.27-tuxcare.5 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:6e4528b4-d3a6-5668-babf-c233d2d4cf52", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.27-tuxcare.5 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:0c3682a1-4a69-5219-995c-3f2dc8c5990e", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.27-tuxcare.5 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:f91f05f5-8353-524e-a273-41b95fa14209", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.27-tuxcare.5 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:1e91bfd5-4085-54e9-a496-71ae72e65cbf", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.27-tuxcare.5 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.27-tuxcare.5" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.27-tuxcare.5" } ] }