{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:c7a9fb24-2574-51ec-a89a-0e6060ad4e0e", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-websocket@6.1.21-tuxcare.6", "type": "library", "group": "org.springframework", "name": "spring-websocket", "version": "6.1.21-tuxcare.6", "purl": "pkg:maven/org.springframework/spring-websocket@6.1.21-tuxcare.6" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:03fa4f62-4523-56d4-9dd1-309c07fe6352", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 6.1.21-tuxcare.6 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@6.1.21-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:c72e3ccf-74bf-5aa3-95ad-34e6db606aa0", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 6.1.21-tuxcare.6 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@6.1.21-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:772a2b88-6318-5dc2-a60a-219ee6412800", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 6.1.21-tuxcare.6 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@6.1.21-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:4d7bffba-27a6-5e9f-a05d-ea55a885d382", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 6.1.21-tuxcare.6 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@6.1.21-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:e7542a24-fcbd-5b96-9c75-4498a249fb95", "id": "CVE-2026-22735", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22735 is fixed in version 6.1.21-tuxcare.6 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@6.1.21-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:2980994b-91e8-568c-9f8c-da84b62147ee", "id": "CVE-2026-22737", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22737 is fixed in version 6.1.21-tuxcare.6 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@6.1.21-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:5d59ad9d-c9bf-5062-a4f3-4f39294e8d1e", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 6.1.21-tuxcare.6 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@6.1.21-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:5f1ed2a5-a17e-5146-89e7-3baae5f5e78c", "id": "CVE-2026-22741", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22741 is fixed in version 6.1.21-tuxcare.6 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@6.1.21-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:d677e7c3-5bb8-5496-98de-68738fcaa70c", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 6.1.21-tuxcare.6 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@6.1.21-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:0428c9e0-cdd0-5d75-a8e8-bd8d8df11248", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 6.1.21-tuxcare.6 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@6.1.21-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:725fe30f-cd4c-5fda-8bd2-743b79c24c5b", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 6.1.21-tuxcare.6 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@6.1.21-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:2d8746fa-367b-5b44-aff0-055baef56088", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 6.1.21-tuxcare.6 of org.springframework:spring-websocket. already_fixed \u2014 The target repository (Spring Framework 6.1.21-tuxcare.6) already contains both upstream patches that address CVE-2026-41840. The fixes were previously applied as part of TuxCare backports for CVE-2026-22740 (commit d8aa04a97f, 2026-06-08) and memory leak fixes (commit e7c90921fd, 2026-04-29). Both doOnDiscard handlers are present in the current code, preventing resource exhaustion from multipa..." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@6.1.21-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:1913353f-a52c-5db4-a2b0-2a515e739d5c", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 6.1.21-tuxcare.6 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@6.1.21-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:2632436f-08a7-5c5b-9305-9a1b2f47cec7", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 6.1.21-tuxcare.6 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@6.1.21-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:6e0315a6-69e6-521c-ba3d-990ac8fc4477", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 6.1.21-tuxcare.6 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@6.1.21-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:1473da18-7566-5986-b37f-77aa41a8ef32", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 6.1.21-tuxcare.6 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@6.1.21-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:f8a81ce4-cf73-5b13-8d28-9847d0f2acd4", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 6.1.21-tuxcare.6 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@6.1.21-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:763ad87f-c0b5-5091-bf62-94d54c64e345", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 6.1.21-tuxcare.6 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@6.1.21-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:651dc8f1-cc01-501f-aeea-ef3b0ed6a0a0", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 6.1.21-tuxcare.6 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@6.1.21-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:2c4cd83c-e5f7-5de7-bf63-63819e478ef4", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 6.1.21-tuxcare.6 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@6.1.21-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:55d586f8-2552-5d9a-b8db-2d465ebea14a", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 6.1.21-tuxcare.6 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@6.1.21-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:09952103-d61d-523c-9712-9f7e5096ba89", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 6.1.21-tuxcare.6 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@6.1.21-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:1c56f7c9-9740-50a9-bcfd-c20be1ad88ae", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 6.1.21-tuxcare.6 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@6.1.21-tuxcare.6" } ] }, { "bom-ref": "urn:uuid:3e0e46a2-5264-5eef-a475-b1ff525c3ed0", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 6.1.21-tuxcare.6 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@6.1.21-tuxcare.6" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-websocket@6.1.21-tuxcare.6" } ] }