{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:de4290f0-97ce-5e92-8ae1-2dd8b653bfdc", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-websocket@5.3.29-tuxcare.1", "type": "library", "group": "org.springframework", "name": "spring-websocket", "version": "5.3.29-tuxcare.1", "purl": "pkg:maven/org.springframework/spring-websocket@5.3.29-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:95613c78-c053-57b4-8c2d-8f5032eb10c2", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.29-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:aa5a66fa-9072-5169-a191-6be60c1900e1", "id": "CVE-2024-22243", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22243 affects version 5.3.29-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c081b761-9726-5306-b0b7-ca6b1b79ca0e", "id": "CVE-2024-22259", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22259 affects version 5.3.29-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:871750c0-b8a6-5535-b6e8-809af4942c4f", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 5.3.29-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f2c4e586-1331-5f5a-9383-a743b8b95a70", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 5.3.29-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:81434d25-3a7a-5e8d-91e1-c1a8c8d82cf3", "id": "CVE-2024-38809", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38809 affects version 5.3.29-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f4faabe7-4322-54c4-8837-26de42175c4e", "id": "CVE-2024-38816", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38816 affects version 5.3.29-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1fafd5f1-1263-59e4-bc4c-b2de83ee6cfc", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.3.29-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5ed9c0f4-572a-5458-b6c3-d67469472e63", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.29-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f8fdbc98-0741-5777-baab-4099d9ac0c9d", "id": "CVE-2024-38828", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38828 affects version 5.3.29-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c27e8a83-a121-5ba3-87c2-575c706cad86", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.29-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d71ef273-5b44-5826-b727-2bd591f55f20", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-websocket 5.3.29-tuxcare.1." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4a167b02-d7b8-505c-ab05-36aa0abd7aca", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 5.3.29-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e5d42d35-eff5-555a-a342-ee4c1eed8f51", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.3.29-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:95144d47-c1f5-5652-a91c-5e841fd79a72", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 5.3.29-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0cdf686b-fe9f-5d09-a27d-764ae621c264", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.29-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1f434a8d-6db6-577c-b18b-233c504bb3c1", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.29-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:12a2525f-4a49-5d15-a834-026dcac51b85", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.3.29-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7f69de01-b6e2-503f-8a05-3d5a5be26389", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.29-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fcc8ea8e-1a18-5718-b046-a324b180358c", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.29-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8288fc53-c10b-525c-a513-06fca4845a4a", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.29-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:124da89b-5a9a-56ba-8033-dea6bed4c908", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.29-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:cd73f12e-ef6e-5801-8abb-efca861ac638", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.29-tuxcare.1 of org.springframework:spring-websocket. already_fixed \u2014 The target repository (Spring Framework 5.3.29-tuxcare.4) already contains the complete fix for CVE-2026-41840. The fix was applied on 2026-05-19 as part of a TuxCare backport for CVE-2026-22740 (commit bc0026ae70c), which addresses the same multipart request DoS vulnerability with identical code changes." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b59cb474-da28-5af7-86c8-6b20d090324c", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.29-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:685b9b06-d7a4-56c1-8776-56eca506b1d8", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.29-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:78923538-a5e0-5aad-bdb4-8e433778ff86", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.29-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1e047c64-1eb3-5e32-afb5-6f8c6aede0f1", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.29-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:95815cba-316e-53dc-80bd-9dbe47c3ff70", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.29-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d123595b-dd06-5406-83ba-ebcee111f24b", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.29-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:81fb4ecc-871c-5593-bddc-b46cdcb7a6ce", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.29-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6a3c03d8-0e00-50b5-9831-68257cbf3791", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.29-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:599a6089-884d-526b-b7bb-fe8ee070b3dd", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.29-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c9e81d01-2943-5592-8cb0-0982cc2328e4", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.29-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:49bf6796-ca2a-5bc4-bb1b-25690bc7adcd", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.29-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:04c07f8f-aa63-549e-8c9b-19643e8e91fb", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.29-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6021587d-505a-5132-8e4d-498f77604cdc", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.29-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.29-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:37ef2b6b-47a9-5c22-8f44-79276c23453d", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.29-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.29-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.29-tuxcare.1" } ] }