{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:d7d5c0b6-5783-584f-9d66-d94fbde02fac", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-websocket@5.3.29-tuxcare.2", "type": "library", "group": "org.springframework", "name": "spring-websocket", "version": "5.3.29-tuxcare.2", "purl": "pkg:maven/org.springframework/spring-websocket@5.3.29-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:c7cde797-13c4-54b2-8892-91435388f809", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.29-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a05079a5-566e-5fb7-b796-4f73852ac2db", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.29-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:dc83bc26-2142-50d6-bccc-a1573623e4ca", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.29-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e3ffbc16-425f-5566-aca8-22fc2b3b520b", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 5.3.29-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1612ca06-cf86-5245-8427-062a23cf6f40", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 5.3.29-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:107367a3-5023-559a-9d0e-fa7db84edcd7", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.29-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:376debf0-ecfe-53fd-9b68-ed7f6b5f417c", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.29-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f1be6e49-100d-5d77-82cb-1834e316fd27", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.3.29-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:de45d8f1-9234-5b55-adc8-48dfd83ff5d2", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.29-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0d59ea91-03fe-52f6-90d5-c0547363174c", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.29-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2c03a8f6-922a-594b-94c0-448e5d59fee6", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.29-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:15f2e0ea-38de-59a0-a441-4455eff0b361", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-websocket 5.3.29-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:cbca6b63-90b5-5392-89e4-a9a28f3d154a", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 5.3.29-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4d9d8b49-aa76-56c2-b026-a5a7eee1a88b", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.3.29-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5642dc5e-171c-5fd4-8567-94826cf5075e", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 5.3.29-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:25ad2554-1f8d-5dbd-8fa0-7d8a9b9b49da", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.29-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f71cfcab-ee0b-5d46-8d15-784b351a3e36", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.29-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c220e908-bf52-5a09-a8cd-22f8d41ae819", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.3.29-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8c32bb14-66b8-5738-bc87-7bb8ac11cf18", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.29-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a53c69d0-d145-58cc-9e53-291540d96ad9", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.29-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:807b1fdb-fbd2-5d11-acae-1db95d5a75d7", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.29-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:35ce23ed-2b49-5dc2-8dbc-6392a80a977c", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.29-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4e987aa8-9589-51c8-8a3b-025bd180dead", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.29-tuxcare.2 of org.springframework:spring-websocket. already_fixed \u2014 The target repository (Spring Framework 5.3.29-tuxcare.4) already contains the complete fix for CVE-2026-41840. The fix was applied on 2026-05-19 as part of a TuxCare backport for CVE-2026-22740 (commit bc0026ae70c), which addresses the same multipart request DoS vulnerability with identical code changes." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6b7656b1-5918-5fc8-b164-995bf4c4a8c6", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.29-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7cbf0d5b-214a-5236-974a-6923e112563d", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.29-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fcb9f388-8ccb-533a-8f82-be1eb5f80c9a", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.29-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f21ab540-2bf3-5c12-a534-1f21dbcf735e", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.29-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6788cfaf-a342-53e5-a62c-527c3643c4fb", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.29-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4f94c134-4974-5b9a-8611-db6b9c793237", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.29-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6d891037-eec6-5d2d-96fd-4ac01b7911f9", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.29-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d53deb56-f2ab-53d3-94ef-740c1c0703b0", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.29-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:559cbed6-5612-542b-ae11-4eb9d201b002", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.29-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f77671f3-3c76-563b-906b-70dd4290d09c", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.29-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:bf1ab172-60be-5fd8-bd42-d7a24d238854", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.29-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7d7ae4cc-1189-5d77-8192-8f0f3a46261c", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.29-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2076defc-5885-5899-ba90-b7c361959ff3", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.29-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3590e07d-9a83-51d5-ba30-f4f0c8ec501c", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.29-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.29-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.29-tuxcare.2" } ] }