{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:39d95e93-e9a9-5d28-8f02-d5e1c93e3737", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-websocket@5.3.27.tuxcare.1", "type": "library", "group": "org.springframework", "name": "spring-websocket", "version": "5.3.27.tuxcare.1", "purl": "pkg:maven/org.springframework/spring-websocket@5.3.27.tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:e64a82ca-9fb2-526d-8a43-9514f9f170cf", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.27.tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6bdb5f75-674e-5846-ad55-e44abfc47c71", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.27.tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d3c9418f-e628-5f6e-a497-4e587b43f028", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.27.tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b6c5fdb8-580a-5850-9213-d24e6ad2a0d1", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 5.3.27.tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6d6a9642-c5c4-5d27-945f-ceeead9d6ee3", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.27.tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3ba93518-85c4-5ad3-9087-1fd3926bb4ae", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.27.tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4c324fb6-f4b7-5b6f-b2da-e319f24aad89", "id": "CVE-2024-38816", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38816 affects version 5.3.27.tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4bd0da37-21ec-5eb3-84c2-2c3976c648a5", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.3.27.tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8313f9ee-e39f-53b3-87d4-30436c4c1f45", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.27.tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:23b577ca-8b43-55bc-9768-92929d04f898", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.27.tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:32862c8e-861a-51ac-ad52-454902257259", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.27.tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:dac8ff8c-6bb7-5521-abd9-ff47f178cf70", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-websocket 5.3.27.tuxcare.1." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:21a07b05-1a7f-51c9-8052-1683298f87e5", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 5.3.27.tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8aa69945-2006-5d3d-b4c6-50b3cb559bfc", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.3.27.tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:28659584-633b-56b2-8a90-f862c480d6c3", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 5.3.27.tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a24f49ef-ed5e-5a14-8f2f-77f59b63f321", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.27.tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c8b4719a-c00b-55ab-80bd-885410ca111f", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.27.tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:53c66364-1a5f-5363-9fbb-5eee1796b884", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.3.27.tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1d33f426-9bfd-5096-9a3e-088a12b8e542", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.27.tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:01a8090c-222e-5dfb-910b-60a4c6356020", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.27.tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b5fcef0e-7db2-5eac-a296-d6cc627246a7", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.27.tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2e6875ae-211c-5bff-8158-05ece1a1ed56", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.27.tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:387696ff-faa8-511f-b4be-fc93e782c0eb", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.27.tuxcare.1 of org.springframework:spring-websocket. already_fixed \u2014 The target repository (Spring Framework 5.3.27-tuxcare.5) already contains the fix for CVE-2026-41840. The vulnerability was previously addressed through backport commits for CVE-2026-22740, which applied the identical doOnDiscard cleanup logic to prevent resource exhaustion from multipart request processing." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:bdae0270-551e-5e97-a2d0-c42f7162777d", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.27.tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6baea31e-6901-5596-b91a-9f0d9fa1939b", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.27.tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:37d53c2a-43b9-585a-b183-0feb84f7a469", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.27.tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:faaf8c4d-2b1e-57f1-8fa0-02d2928d683a", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.27.tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ce1e2a7b-44dd-5622-aa6a-64ce91850095", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.27.tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3d12d557-1c76-5dcc-b752-4248fc119210", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.27.tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:62ea153e-54aa-59ad-8b2b-e355875cdce2", "id": "CVE-2026-41847", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41847 does not affect version 5.3.27.tuxcare.1 of org.springframework:spring-websocket. already_fixed \u2014 The target repository (Spring Framework 5.3.27-tuxcare.5) already contains the fix for CVE-2026-41847. The upstream commit 07ba95739bf4451742e4ee6b4d4b2d0ee5f701bf is present in the current branch, and source code inspection confirms the vulnerability has been patched." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:44e6dfeb-45a0-5052-8896-f95c2192f5cd", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.27.tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1427bd16-1058-593f-9ac6-5592f367eaa8", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.27.tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8b431cf9-511c-5324-9c35-ff6d6b03a98b", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.27.tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f4294db6-8053-5107-8ca7-f57222e44c2f", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.27.tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d5fac0a9-90b3-5f59-85f3-6062c8d75827", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.27.tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a9c93120-5d6c-5394-9d09-3097b0c26319", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.27.tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:17d2bcc6-d5f8-5163-8ab2-bbc3391b6205", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.27.tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.27.tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.27.tuxcare.1" } ] }