{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:3ed49124-fd46-5b7b-933a-7f2d13750973", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-websocket@5.3.29-tuxcare.3", "type": "library", "group": "org.springframework", "name": "spring-websocket", "version": "5.3.29-tuxcare.3", "purl": "pkg:maven/org.springframework/spring-websocket@5.3.29-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:289448cf-bf7c-5b47-b2fc-66d68d0943f8", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.29-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:eed3f2d2-90c6-534d-aaae-326c73e9c2e6", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.29-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a57907b5-7730-5172-9df4-10353427c86d", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.29-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2d178678-7fcd-5add-bce7-d7f446a4f163", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.29-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2ae569bd-df7d-537c-ba9a-bba45454d723", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.29-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9a6ac3af-1d2d-5c55-94c4-f51ebfd30668", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.29-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:431e53de-1051-58a5-876a-7eafaf96ce11", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.29-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:127bad2d-2713-51f1-a3a7-6f6148dea1fe", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.29-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b3a34321-2674-580c-9a39-9090725b7e00", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.29-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f69747ad-4cc9-540c-ad15-3aa7d3746b0e", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.29-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a7d1b01c-965b-5e0a-84ef-7f301c0e13cf", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.29-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5c994725-c27e-5965-8ec5-f9018bf3466e", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-websocket 5.3.29-tuxcare.3." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f6df82f9-a0e6-50ec-9c66-2d32c1e24fcb", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.29-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3a07fd74-f6c6-54bc-80b4-99a334df773c", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.3.29-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:973a9510-ef54-5fed-baa1-ad549bd0beff", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.29-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b2720154-c8c1-5985-a567-bb67c1b205c8", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.29-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:76658143-5ce1-5d08-8476-83b8d9aaa772", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.29-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:09b4893e-9782-54ad-aa66-5685ebc3cfd7", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.3.29-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e1d85554-0a0d-5357-8aaa-34038ffe70fb", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.29-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:0c5968a1-e61e-53b2-9f4d-4caef6441415", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.29-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:51f0a5fb-11b9-5041-8896-f44705a317e2", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.29-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:80562953-5c60-5fe0-a2d6-3b3c6e18c167", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.29-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e58270f5-881b-57a3-8850-6ae2a28851cf", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.29-tuxcare.3 of org.springframework:spring-websocket. already_fixed \u2014 The target repository (Spring Framework 5.3.29-tuxcare.4) already contains the complete fix for CVE-2026-41840. The fix was applied on 2026-05-19 as part of a TuxCare backport for CVE-2026-22740 (commit bc0026ae70c), which addresses the same multipart request DoS vulnerability with identical code changes." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:332ed3a3-8e91-5c04-ad79-d30d8ec3494c", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.29-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a0c800e4-3a8f-5f25-9713-682258ae2b88", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.29-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:7787cdb9-4ac5-52b6-b440-f212a8e61a7d", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.29-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:290ea3ff-794e-5417-a321-a432a57bd827", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.29-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d17ce10e-1b31-5e0e-b1aa-62c4e7c3c39f", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.29-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:084ebf47-bd4e-5b94-aae8-bcaf113f6a99", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.29-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3a9aa178-7aa6-577e-bd2c-f629c19d381b", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.29-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:88fe58d3-7678-500b-8c6a-e19e8544fa89", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.29-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f92e8bb0-695a-59d1-a2f0-7a13fd3aaddb", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.29-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4783c2da-e22a-5f27-8dd3-8bb896565c01", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.29-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f81ed2e5-f851-518c-9f79-d10f16c463f3", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.29-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:56c014d0-4f88-5b95-9538-c46e790e7cd1", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.29-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b8845cb7-6bc9-55fa-9e0d-5c526ba91f88", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.29-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a8e62280-39d0-5630-99e3-f6368557394b", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.29-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.29-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.29-tuxcare.3" } ] }