{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:05d38eb4-94e9-5aa8-b699-23f9c3983e0e", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-websocket@5.3.31-tuxcare.2", "type": "library", "group": "org.springframework", "name": "spring-websocket", "version": "5.3.31-tuxcare.2", "purl": "pkg:maven/org.springframework/spring-websocket@5.3.31-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:77849447-d80e-5270-a016-7aebc1be2e29", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.31-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b483c22f-7e30-5292-be04-bd95b6fdb11f", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:503a5e11-fcc7-512f-b9f7-3a6a4f0714fa", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f19be434-d681-5712-ab82-35248651fa05", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ad9bab47-d363-5ff4-9042-9a391198332d", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e4aa40c9-7d0d-5fe4-9dac-f8000a2ee0c8", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:65ddb7ba-e744-59f1-8a79-866b64c1b86b", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:07b3104c-2dbd-5a2f-a600-343f19a8d4b2", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f1fcf0eb-a644-5c8f-89fb-ed4af4c68197", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e0ae43e8-6374-56c4-84bd-f1e9ad84199a", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1e6c6421-bb73-5d54-b3ce-1b0af71401b2", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f85da29b-984b-5c84-9f9f-ec59a50673ea", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-websocket 5.3.31-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d4f35115-3955-5fc1-9387-bb5e8b5af1cf", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b0f2171f-1299-55a3-aca9-5a46d7b278ef", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:79b4c742-f35f-5358-b3be-77b11e754f92", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.31-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e4d46049-5eeb-59bb-86ac-373c19a68368", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.31-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a3d8f85f-5859-5be9-9cb8-9e405b529a53", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.31-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8d1cebf9-3a20-5288-99a4-aed2c134958a", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.3.31-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4eee2370-b340-5d43-9489-94efbdc48d04", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.31-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:428c9780-3e04-5c99-acd5-15db917aa615", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.31-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9372d27a-b6c1-5461-8f96-9394ffbb482f", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.31-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b6c7e443-c2fd-571d-9401-9412befd7fbe", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.31-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:bddde00d-d5d4-5f29-9e9d-0068737f03b7", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.31-tuxcare.2 of org.springframework:spring-websocket. already_fixed \u2014 The target repository (Spring Framework 5.3.31-tuxcare.3) already contains the complete fix for CVE-2026-41840. Both required doOnDiscard handlers were applied via commit 615477c88f (labeled as CVE-2026-22740 backport) merged on May 4, 2026. The code changes are byte-for-byte identical to the upstream patches." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8d959580-2bbf-5d94-8656-9d6b132b1b6d", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.31-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fc18ac3f-cde2-5f5e-ba5f-70f4ee6fd780", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.31-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:02cb96f0-149d-5119-bfd2-20094b52bf74", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.31-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:abf62b9f-5521-5f8f-9cb7-676e52dd3030", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.31-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8ce40efe-457b-5a6a-b1ba-cb916f16a559", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.31-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fe642ff2-0df8-51be-b306-573668f86506", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.31-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e3806c01-384a-5d68-a813-7c2f1d64b65a", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.31-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ed637884-c77b-5590-a161-c42d0906fb9b", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.31-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:875e980a-1b44-5217-a643-71a17584ee89", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.31-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:37db5811-f6b3-5945-867b-122519a3f80b", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.31-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:25520b1d-f81f-539e-a645-da19aa78d0dd", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.31-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a9985d18-ad6c-58cc-b694-4976e28fed5c", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.31-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a22e2f64-b052-5d37-a018-c8b538432038", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.31-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2894ffec-98eb-53b0-a81e-c0a509ca8a60", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.31-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31-tuxcare.2" } ] }