{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:39feac1d-a50b-5330-a095-db09bd3be547", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-websocket@5.3.39-tuxcare.12", "type": "library", "group": "org.springframework", "name": "spring-websocket", "version": "5.3.39-tuxcare.12", "purl": "pkg:maven/org.springframework/spring-websocket@5.3.39-tuxcare.12" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:11a11d09-2ae8-5fc1-92f2-e7397b10c9e3", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.39-tuxcare.12 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.39-tuxcare.12" } ] }, { "bom-ref": "urn:uuid:c9541637-da8b-5e25-a038-ee757b1be036", "id": "CVE-2022-22968", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2022-22968 does not affect version 5.3.39-tuxcare.12 of org.springframework:spring-websocket. Spring version 5.3.39 is not affected to CVE-2022-22968 as fix has been already already backported by the original developers" }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.39-tuxcare.12" } ] }, { "bom-ref": "urn:uuid:9d0915fe-c5b6-5209-8fa3-e63e47ee60ee", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.39-tuxcare.12 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.39-tuxcare.12" } ] }, { "bom-ref": "urn:uuid:dd715aed-5c80-5ed9-b12c-20b5e982d113", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.39-tuxcare.12 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.39-tuxcare.12" } ] }, { "bom-ref": "urn:uuid:a93471f7-f012-5a1c-b72c-20e7d36b4e17", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.39-tuxcare.12 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.39-tuxcare.12" } ] }, { "bom-ref": "urn:uuid:6da53e67-8cb1-52f7-9aa6-5c3ec09e0394", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.39-tuxcare.12 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.39-tuxcare.12" } ] }, { "bom-ref": "urn:uuid:cb834777-6b47-513b-9fee-8ca90b3d18fd", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.39-tuxcare.12 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.39-tuxcare.12" } ] }, { "bom-ref": "urn:uuid:9db900c0-7ddc-56ac-a1aa-546802d2d9e7", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-websocket 5.3.39-tuxcare.12." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.39-tuxcare.12" } ] }, { "bom-ref": "urn:uuid:904943ba-5b34-5eea-84d5-35a4463788fb", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.39-tuxcare.12 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.39-tuxcare.12" } ] }, { "bom-ref": "urn:uuid:d97ff975-660f-5c23-aa84-b8455a3d3b9d", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.39-tuxcare.12 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.39-tuxcare.12" } ] }, { "bom-ref": "urn:uuid:f05813a8-a6c2-5fd3-986a-8417d09fb6a1", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.39-tuxcare.12 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.39-tuxcare.12" } ] }, { "bom-ref": "urn:uuid:32e82246-5c06-5e10-ad47-ea22c7341d2e", "id": "CVE-2026-22735", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22735 is fixed in version 5.3.39-tuxcare.12 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.39-tuxcare.12" } ] }, { "bom-ref": "urn:uuid:6e4a6967-bcbd-5124-9cba-f43eac877186", "id": "CVE-2026-22737", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22737 is fixed in version 5.3.39-tuxcare.12 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.39-tuxcare.12" } ] }, { "bom-ref": "urn:uuid:ac3dea0a-03c2-5b73-8837-92eba7c2ad2e", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.39-tuxcare.12 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.39-tuxcare.12" } ] }, { "bom-ref": "urn:uuid:6dcac76c-7bb2-5cec-8a38-d1b8b55dffa5", "id": "CVE-2026-22741", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22741 is fixed in version 5.3.39-tuxcare.12 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.39-tuxcare.12" } ] }, { "bom-ref": "urn:uuid:f2ff07b2-0410-5a85-8370-992b34ec97f1", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 5.3.39-tuxcare.12 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.39-tuxcare.12" } ] }, { "bom-ref": "urn:uuid:c484d1dc-ff37-5167-9bc5-5fe5b0a43349", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.39-tuxcare.12 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.39-tuxcare.12" } ] }, { "bom-ref": "urn:uuid:070431e7-6827-5854-bea9-353e12d974e9", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.39-tuxcare.12 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.39-tuxcare.12" } ] }, { "bom-ref": "urn:uuid:983bfad2-451e-59e3-b526-90ee68007b2b", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.39-tuxcare.12 of org.springframework:spring-websocket. already_fixed \u2014 The target Spring Framework 5.3.39-tuxcare.12 already contains both vendor fixes for CVE-2026-41840. The fixes were backported via commit 4ef4cdca34 (May 13, 2026) under CVE-2026-22740, but the code changes are identical to the upstream patches. Both doOnDiscard handlers are present and active in PartGenerator.java and MultipartHttpMessageReader.java, preventing memory exhaustion from unrelease..." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.39-tuxcare.12" } ] }, { "bom-ref": "urn:uuid:d2708bc4-d05d-5616-9e49-145c0381e9ca", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.39-tuxcare.12 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.39-tuxcare.12" } ] }, { "bom-ref": "urn:uuid:9ce99914-9e0d-5069-b3ef-5c0e87498855", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.39-tuxcare.12 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.39-tuxcare.12" } ] }, { "bom-ref": "urn:uuid:f57625f1-7758-571c-aa44-f19c49669792", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.39-tuxcare.12 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.39-tuxcare.12" } ] }, { "bom-ref": "urn:uuid:02f71c8c-6edd-5753-963b-1702452ea22b", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.39-tuxcare.12 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.39-tuxcare.12" } ] }, { "bom-ref": "urn:uuid:40605df9-2f33-524c-a13e-83171ee3e5ea", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.39-tuxcare.12 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.39-tuxcare.12" } ] }, { "bom-ref": "urn:uuid:e6fd476d-f28a-5350-b434-3418f3123f7d", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.39-tuxcare.12 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.39-tuxcare.12" } ] }, { "bom-ref": "urn:uuid:2966d135-e323-560f-bbcb-bc8f5539d114", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.39-tuxcare.12 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.39-tuxcare.12" } ] }, { "bom-ref": "urn:uuid:0c4f81b4-431e-5dae-a0b7-fc56b757e5a0", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.39-tuxcare.12 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.39-tuxcare.12" } ] }, { "bom-ref": "urn:uuid:22ce4081-bf2e-57ba-b379-b8c81f6011ae", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.39-tuxcare.12 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.39-tuxcare.12" } ] }, { "bom-ref": "urn:uuid:80a61012-5775-58d2-bdfb-493c10075eed", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.39-tuxcare.12 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.39-tuxcare.12" } ] }, { "bom-ref": "urn:uuid:a0231369-c560-53b4-be47-fb9ba4a5e1d7", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.39-tuxcare.12 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.39-tuxcare.12" } ] }, { "bom-ref": "urn:uuid:d0eebf90-37e1-5e09-8bf1-af0df03cd5e2", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.39-tuxcare.12 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.39-tuxcare.12" } ] }, { "bom-ref": "urn:uuid:8060ca0a-8587-58b0-ab8a-39a197cdcb3f", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.39-tuxcare.12 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.39-tuxcare.12" } ] }, { "bom-ref": "urn:uuid:d90fa669-2ffd-575e-bf0e-b100b42f0ddc", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.39-tuxcare.12 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.39-tuxcare.12" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.39-tuxcare.12" } ] }