{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:1e8361d7-8e23-5718-a72e-34203eb5866c", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-websocket@5.3.31-tuxcare.1", "type": "library", "group": "org.springframework", "name": "spring-websocket", "version": "5.3.31-tuxcare.1", "purl": "pkg:maven/org.springframework/spring-websocket@5.3.31-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:24b5cf60-febe-557a-8a5a-af8656d3a5b1", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.31-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:00080d0a-3a47-53ea-9be9-2569569267c8", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.31-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ac598399-1ed4-5b34-8746-c5ffe2a74df3", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.31-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d58cdd9a-1dac-5abd-93c5-80f562b865a3", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.31-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3bc1c971-8183-57b6-b418-e63877df42e3", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.31-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9c1dc710-5148-5017-aad0-863375b1f688", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.31-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b5880e6e-283f-5571-b2db-56218bffb74f", "id": "CVE-2024-38816", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38816 affects version 5.3.31-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5d12fc84-c732-58f4-87fb-8ea7f26d458f", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.31-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:50fe0260-bb5f-5a00-9a1f-77329afcbecc", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.31-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2ba8e06b-5b6b-544d-851c-17edbb008fe3", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.31-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b04155c8-450a-5f73-9f14-d8e6e5e71a2c", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 5.3.31-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e739134d-a837-59f3-83f3-dfcba0b9a318", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-websocket 5.3.31-tuxcare.1." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3011f661-7547-5595-ab0a-0e31ff85d3cb", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.31-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3e7e0210-efb3-5fa1-96e3-8cd9dde7d11e", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.31-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7ad96116-a3fb-5d47-9aef-5fc3ef9a6529", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.31-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:62def6c1-53e8-531a-ba6f-02a0ac67d4c2", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.31-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f9e1e026-3249-56ab-8c52-815b15d285cc", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.31-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d4de1cce-6f61-5924-b3c3-69fe78f33bb4", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.3.31-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:19054eb5-77b3-5573-ac2c-5b394fc0448c", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.31-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5c8acd06-e1e0-51e8-8f3e-64fd58e28965", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.31-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:880e9029-7025-531e-9c9e-05458b27bb46", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.31-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:33a79f94-8dab-5541-8a8a-b8cf3a138999", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.31-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9cb92ad9-83c0-5c3e-ab1c-6387aec56deb", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.31-tuxcare.1 of org.springframework:spring-websocket. already_fixed \u2014 The target repository (Spring Framework 5.3.31-tuxcare.3) already contains the complete fix for CVE-2026-41840. Both required doOnDiscard handlers were applied via commit 615477c88f (labeled as CVE-2026-22740 backport) merged on May 4, 2026. The code changes are byte-for-byte identical to the upstream patches." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:219d925c-920a-5758-aa12-322a066eff0c", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.31-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3182883e-7f41-50a7-9f4f-30e1ad8cf84a", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.31-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:29b2dacf-5347-5620-ada0-4586170398f9", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.31-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8818e726-03b6-5fd3-9ef3-110bb9bdc470", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.31-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f7e2fe01-3196-5a84-a4ab-ef4b6fdc4591", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.31-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:26505682-1002-547b-95d8-f033bc547108", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.31-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:84c63cfd-1f9b-5c9b-abc5-ab4997609631", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.31-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2921a2df-64b1-56af-a36b-c71e8ac611f3", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.31-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:627ad885-ab85-5e32-adf3-c16d8f09385a", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.31-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:83ce7bd8-313c-54c9-9462-c817e7d6176d", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.31-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:240ae279-b909-5024-9b4c-1601da34f290", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.31-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d1b4bc9a-a7b6-52fa-a3bc-c9e8488661c6", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.31-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:49d338ab-c759-5a33-a6ea-acc5735a3749", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.31-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a3b746d7-a30a-56d5-b14c-06496cb57fa6", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.31-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31-tuxcare.1" } ] }