{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:b537c0b4-2cc0-5e22-8462-b0f586bb03e9", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-websocket@4.0.0.RELEASE-tuxcare.1", "type": "library", "group": "org.springframework", "name": "spring-websocket", "version": "4.0.0.RELEASE-tuxcare.1", "purl": "pkg:maven/org.springframework/spring-websocket@4.0.0.RELEASE-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:05c47a35-9470-583f-8e31-e5f400a8a308", "id": "CVE-2014-0054", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-0054 is fixed in version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fc41e8cf-3704-5257-9d9d-313173aefaa3", "id": "CVE-2014-0225", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-0225 is fixed in version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:242e08ec-aa60-5258-bbea-6e273cdd5e3d", "id": "CVE-2014-1904", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-1904 is fixed in version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6f428cd0-0ba9-5a64-a7b0-d262875f82f8", "id": "CVE-2014-3578", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-3578 is fixed in version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2032c85b-682c-54e8-bac7-470446519dfe", "id": "CVE-2014-3625", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-3625 is fixed in version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:75ea51a4-930f-5206-b4bb-88dcef4cf577", "id": "CVE-2015-3192", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2015-3192 affects version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:758591e7-ce97-57fb-a429-439c63563b68", "id": "CVE-2015-5211", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2015-5211 is fixed in version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5310420e-0c37-5901-b37b-b6e81bab7059", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1ff1d160-2dfa-5356-b63d-d64b9f14c5fb", "id": "CVE-2016-5007", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-5007 affects version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0e07f424-4fc5-5c38-bc71-ed04f0762fa5", "id": "CVE-2016-9878", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2016-9878 is fixed in version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9a377707-3b30-568e-8563-1b6237c7fc5e", "id": "CVE-2018-11039", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-11039 is fixed in version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:223f3f1a-6a56-5d5b-9cb8-c95d7e6571d2", "id": "CVE-2018-11040", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11040 affects version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:36e24238-ed6a-5507-9eea-7b605ada5198", "id": "CVE-2018-1257", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2018-1257 is a false positive for org.springframework:spring-websocket 4.0.0.RELEASE-tuxcare.1." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8f90edd6-8829-52bd-9f69-2b8d6d5c4252", "id": "CVE-2018-1270", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1270 affects version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1ef1e9f5-30bc-5da3-b231-cd385932185e", "id": "CVE-2018-1271", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-1271 is fixed in version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c1d45978-3847-5c09-a0a7-6aa02b2fb3c8", "id": "CVE-2018-1272", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-1272 is fixed in version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ec8b6e6d-5e2e-5883-b5e4-97616547d0f7", "id": "CVE-2018-1275", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1275 affects version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3461cc5f-aa10-5637-9138-97800ee2a367", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5c81cd95-1508-5a67-8c16-efc4e39f7134", "id": "CVE-2021-22060", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22060 affects version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e7a03e56-81d0-5e7d-8e6a-19ec32c36655", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8d963231-a789-5d41-a508-295d4dd7c6e0", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3f62ed9e-3d5b-5d22-8b4b-58bdc879da2d", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7ad7b2d3-93e7-5226-9266-44e615adea78", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2f174e5e-c71b-5d3d-a3b0-910c8a70afb9", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b98566e3-7420-5ed9-a7e4-608fb16d024f", "id": "CVE-2022-22970", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22970 is fixed in version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:bd7a4ccb-46e3-51b8-8a4c-661cd4f1fcab", "id": "CVE-2022-22971", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22971 affects version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c082d1fe-645b-5913-a2c3-237ad306e509", "id": "CVE-2023-20861", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20861 is fixed in version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4e8071e5-c0b1-5c64-9e9e-619f2f83e090", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:399ae5fd-a2a4-514d-bda6-af88a68a99c0", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:10d6e33b-d4b5-54c7-aafd-f726c7aca99d", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b86036ec-9bb1-539f-b23b-157053d9b651", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:17321105-9333-503a-9afe-db3e16368157", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fa999791-06bd-5201-95e8-8ae9a7d47c97", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5f53f9ce-a4ef-558c-9168-d8a69caa7f87", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1d0f19bd-9c66-52fb-a2b1-19752be425c0", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3bb984b7-d186-57ef-bd16-e6121515431a", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:be7e68b2-c49f-5035-8db5-2fc7c404f428", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e118ac0d-c1b3-5295-9e88-ce53b0e41808", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:52938d13-20c9-56a3-8a45-ada389c9389b", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.0.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1f0c7d83-5468-5374-8482-3202337595ea", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 4.0.0.RELEASE-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.0.0.RELEASE-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.0.0.RELEASE-tuxcare.1" } ] }