{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:59738068-4cb8-5c48-b9e2-ca52cd02dd3a", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-websocket@6.1.21-tuxcare.3", "type": "library", "group": "org.springframework", "name": "spring-websocket", "version": "6.1.21-tuxcare.3", "purl": "pkg:maven/org.springframework/spring-websocket@6.1.21-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:c8541389-7b4f-5dda-b215-bb551eec25c0", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 6.1.21-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@6.1.21-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a9c7c84b-4138-5b65-9a80-5799580da498", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 6.1.21-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@6.1.21-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a8ff037c-3da8-5a92-98d4-07b437faba1c", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 6.1.21-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@6.1.21-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a8f26e73-7ae8-5d3d-b7b4-2b4f91b379ac", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 6.1.21-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@6.1.21-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e24f158b-cb2c-57ad-86a3-8c7bee1938fe", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 6.1.21-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@6.1.21-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8bef17ef-2e59-5150-bffc-ece99241ad4f", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 6.1.21-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@6.1.21-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:15e1ddf3-eadf-5483-ace4-eae9ea911880", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 6.1.21-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@6.1.21-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5bf97f2b-6bdf-550c-8e49-5618f19ea52a", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 6.1.21-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@6.1.21-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2711a4c1-66c2-5bd6-8f72-7dee3335d6dd", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 6.1.21-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@6.1.21-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2d8c4e9d-b9c5-51f3-9f35-5407560e0a9a", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 6.1.21-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@6.1.21-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c0ee82f0-7535-5d40-8165-73ae9ee7f794", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 6.1.21-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@6.1.21-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4b5d07d1-4229-5137-8d40-f2e0fe27278a", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 6.1.21-tuxcare.3 of org.springframework:spring-websocket. already_fixed \u2014 The target repository (Spring Framework 6.1.21-tuxcare.6) already contains both upstream patches that address CVE-2026-41840. The fixes were previously applied as part of TuxCare backports for CVE-2026-22740 (commit d8aa04a97f, 2026-06-08) and memory leak fixes (commit e7c90921fd, 2026-04-29). Both doOnDiscard handlers are present in the current code, preventing resource exhaustion from multipa..." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@6.1.21-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1be1e2dd-43b2-5b60-acd8-04fc8bfea3c5", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 6.1.21-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@6.1.21-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:507cff1b-a110-5f3d-a6dd-3e96f80a7be9", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 6.1.21-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@6.1.21-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e6fda733-1f82-5a4c-b939-1ded21f14c84", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 6.1.21-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@6.1.21-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:17854d89-55b4-521d-9de5-aef5e52f897c", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 6.1.21-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@6.1.21-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:354ad3a6-8542-5a2c-9358-a401fb62b2bb", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 6.1.21-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@6.1.21-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1d92054e-0cdd-5489-80b2-539876facaa7", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 6.1.21-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@6.1.21-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4eb2df8a-7ebc-5c54-ba2d-278a993beecd", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 6.1.21-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@6.1.21-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e7e0b72c-0137-5928-b57b-535dd3eac33a", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 6.1.21-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@6.1.21-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a7544368-9d22-5077-8e6b-f422887ebf81", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 6.1.21-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@6.1.21-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b272fe12-84e6-5511-a260-397b20273bb6", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 6.1.21-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@6.1.21-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f5b8686d-3f40-5260-bce3-c767055a5e68", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 6.1.21-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@6.1.21-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:af8e9b14-3509-5022-b894-996651ca15a3", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 6.1.21-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@6.1.21-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-websocket@6.1.21-tuxcare.3" } ] }