{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:2219a472-43e9-5e7f-88fc-cc6e6402e1ee", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-websocket@5.3.31.tuxcare", "type": "library", "group": "org.springframework", "name": "spring-websocket", "version": "5.3.31.tuxcare", "purl": "pkg:maven/org.springframework/spring-websocket@5.3.31.tuxcare" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:459cc352-ee04-52e0-9aee-2b2167cdffff", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.31.tuxcare of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:ae2f0206-13ee-54d9-8904-0742d4913303", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.31.tuxcare of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:ec8382e0-f96d-5bd8-a66f-d199a7b7f305", "id": "CVE-2024-22259", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22259 affects version 5.3.31.tuxcare of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:cd2d1716-0761-5573-aa4f-c55235845aa2", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.31.tuxcare of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:9350ae53-4096-512f-b6a9-99af9244e1d7", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 5.3.31.tuxcare of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:b98122d6-e7cc-592b-bedb-6a7e9b73bb1c", "id": "CVE-2024-38809", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38809 affects version 5.3.31.tuxcare of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:3a456d49-759e-51e3-aa96-08c886ca3ef8", "id": "CVE-2024-38816", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38816 affects version 5.3.31.tuxcare of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:cbcc0113-4fe8-5658-926b-2fb82235ddc3", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.3.31.tuxcare of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:0bc3425e-c8b9-5159-a694-254dec4a2968", "id": "CVE-2024-38820", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38820 affects version 5.3.31.tuxcare of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:4e311697-ed3b-5b4a-96a9-bb584b44f705", "id": "CVE-2024-38828", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38828 affects version 5.3.31.tuxcare of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:088d887e-1e8b-524c-bdd2-107ba4997055", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 5.3.31.tuxcare of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:92f48f0f-4e53-5f88-bef1-5eedcd99a6a9", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-websocket 5.3.31.tuxcare." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:beed8b11-b788-54ff-8071-5c20567d24fc", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 5.3.31.tuxcare of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:a55f781d-ea05-5a59-b03c-8d3b0d55a0f0", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.3.31.tuxcare of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:3ee0af3c-b59a-51e9-85ea-3c51a366fc99", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 5.3.31.tuxcare of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:17a913bc-c618-57c5-aee2-1cbb1a8ef1c9", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.31.tuxcare of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:23424ed5-4189-5826-b7ae-df0f89e15459", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.31.tuxcare of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:427664e4-dcdb-58ed-a1ee-e517b4a1513d", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.3.31.tuxcare of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:1ddd6a87-cfdf-502c-9b6f-d068d2188c91", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.31.tuxcare of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:f7c2b430-6b65-58a4-ada4-914e3ed5eec3", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.31.tuxcare of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:3486d2b0-ddf3-5c8b-84ac-d191eddb74ab", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.31.tuxcare of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:de4c6017-ef8a-585c-99c7-a3f71125ff95", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.31.tuxcare of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:b7fd651e-7c38-5dea-a5b0-e326f9aa4abb", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.31.tuxcare of org.springframework:spring-websocket. already_fixed \u2014 The target repository (Spring Framework 5.3.31-tuxcare.3) already contains the complete fix for CVE-2026-41840. Both required doOnDiscard handlers were applied via commit 615477c88f (labeled as CVE-2026-22740 backport) merged on May 4, 2026. The code changes are byte-for-byte identical to the upstream patches." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:c12d138f-d69b-53fe-8ff6-fee1a5b074c3", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.31.tuxcare of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:76c680ea-606a-56df-ad80-cc2830a98698", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.31.tuxcare of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:879795c6-75d6-500f-a8d8-65695a96dd12", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.31.tuxcare of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:7513481b-d006-5284-a15a-df46cc902518", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.31.tuxcare of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:56cc7e2d-f226-5fc9-9271-44df47420df8", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.31.tuxcare of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:324c8abb-361a-5495-98be-65542364d55c", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.31.tuxcare of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:015513e0-577d-5c25-aedb-096b67619244", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.31.tuxcare of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:81502b43-a5f0-582b-b572-ca1dd144d57c", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.31.tuxcare of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:72003519-3bfa-5c25-9fee-cd551dc903c0", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.31.tuxcare of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:806053c2-d680-57cd-b146-b33cbb162617", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.31.tuxcare of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:52d02800-376f-5055-b38a-b6da38e58b22", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.31.tuxcare of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:9520f182-99ec-5ad4-a320-c4ae14071fde", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.31.tuxcare of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:05e109af-e1de-564a-827e-d4ca56197acc", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.31.tuxcare of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31.tuxcare" } ] }, { "bom-ref": "urn:uuid:81c5e354-948f-56d6-91bf-29b1cc5a1efb", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.31.tuxcare of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31.tuxcare" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.31.tuxcare" } ] }