{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:9dbdbdb1-730c-5cf4-a559-f17d9fa99092", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-websocket@5.3.39-tuxcare.11", "type": "library", "group": "org.springframework", "name": "spring-websocket", "version": "5.3.39-tuxcare.11", "purl": "pkg:maven/org.springframework/spring-websocket@5.3.39-tuxcare.11" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:3661c5c7-2e4b-5d0e-9991-41c863f896a5", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.39-tuxcare.11 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:5eabb154-363c-54de-98fe-91a826158b7b", "id": "CVE-2022-22968", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2022-22968 does not affect version 5.3.39-tuxcare.11 of org.springframework:spring-websocket. Spring version 5.3.39 is not affected to CVE-2022-22968 as fix has been already already backported by the original developers" }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:573d6cb9-2d9a-5cbb-ada0-d06bc15b7cb3", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.39-tuxcare.11 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:c0b06ca2-3e7c-5b02-b435-d785605308d3", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.39-tuxcare.11 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:1b81b781-0e4c-531e-a995-8a2d2f65aa00", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.39-tuxcare.11 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:e0cbe4a1-2be2-5160-9e8f-746e70e20c20", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.39-tuxcare.11 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:1714dca5-7244-5af4-8ef7-2e68bffa996c", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.39-tuxcare.11 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:d0b4c130-048e-5615-b676-6754c0f4e57f", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-websocket 5.3.39-tuxcare.11." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:dbec55de-a2c1-5512-b7b1-45742dd86247", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.39-tuxcare.11 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:e3d2aad9-f6f2-509c-959b-ba106436ae48", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.39-tuxcare.11 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:16731038-8521-5498-9641-448da07223ce", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.39-tuxcare.11 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:e8400c7a-ceff-522f-8843-45d24f444037", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.39-tuxcare.11 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:f16d0d3e-36b3-5e77-bfcd-188f091cf7de", "id": "CVE-2026-22737", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22737 is fixed in version 5.3.39-tuxcare.11 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:cf0d9e9a-d38b-52a8-8c06-4400183e5ee7", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.39-tuxcare.11 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:2c0682a3-204f-591b-8ad1-4e7972ab580a", "id": "CVE-2026-22741", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22741 is fixed in version 5.3.39-tuxcare.11 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:5b89a8c6-7a6a-5a4a-b401-8e2d3d0c9578", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 5.3.39-tuxcare.11 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:7e791870-246a-5f0f-a5ab-30ba652f327a", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.39-tuxcare.11 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:decdfeb7-6d38-5250-9b6b-1501a3baf8ca", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.39-tuxcare.11 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:b1e3ef91-0ff0-57d4-864c-bd8277c2df53", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.39-tuxcare.11 of org.springframework:spring-websocket. already_fixed \u2014 The target Spring Framework 5.3.39-tuxcare.12 already contains both vendor fixes for CVE-2026-41840. The fixes were backported via commit 4ef4cdca34 (May 13, 2026) under CVE-2026-22740, but the code changes are identical to the upstream patches. Both doOnDiscard handlers are present and active in PartGenerator.java and MultipartHttpMessageReader.java, preventing memory exhaustion from unrelease..." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:e8c6fc45-aea0-515b-baf8-d6868d97faae", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.39-tuxcare.11 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:18e32968-b48a-5281-8831-11c5ba2708a8", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.39-tuxcare.11 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:94455334-e311-582c-9cbf-c7f0c160684e", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.39-tuxcare.11 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:8c2726b0-8205-5b1c-af7c-54b6f1077cca", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.39-tuxcare.11 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:9837d501-ca2e-5160-9218-f56887d00b82", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.39-tuxcare.11 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:356db171-89b9-5d62-b1f7-32a88d9d41b4", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.39-tuxcare.11 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:4c937ef2-b3a1-5296-9151-c1d301202788", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.39-tuxcare.11 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:63bfb647-77c3-587f-9abf-f1f03abeae9a", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.39-tuxcare.11 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:a9565563-d825-55da-9ff8-2d3bc9c195a4", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.39-tuxcare.11 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:64fcaea7-2a1b-5796-aefc-5bb80c05cd01", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.39-tuxcare.11 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:f2209497-a30e-5705-9d07-5d1972a47e64", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.39-tuxcare.11 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:e1940bb3-c6cf-5d00-9c9f-34712af67a38", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.39-tuxcare.11 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:8920ffd5-4819-58fd-af49-73ff85c28de3", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.39-tuxcare.11 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.39-tuxcare.11" } ] }, { "bom-ref": "urn:uuid:f4370000-838f-5128-aff2-8f07956903dc", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.39-tuxcare.11 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.39-tuxcare.11" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.39-tuxcare.11" } ] }