{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:5a97e1c1-fa9a-5ed2-8125-ed795eac653d", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-websocket@4.0.0.RELEASE-tuxcare.2", "type": "library", "group": "org.springframework", "name": "spring-websocket", "version": "4.0.0.RELEASE-tuxcare.2", "purl": "pkg:maven/org.springframework/spring-websocket@4.0.0.RELEASE-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:43831850-c9cd-5e14-8257-eaa01ab327f9", "id": "CVE-2014-0054", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-0054 is fixed in version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5dab5834-15da-5405-aafd-2d4e278f64b7", "id": "CVE-2014-0225", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-0225 is fixed in version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b1fbd7f2-fe31-574f-aeb6-04e83214470f", "id": "CVE-2014-1904", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-1904 is fixed in version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a4384410-ca28-57d5-93c7-ece1cfc64091", "id": "CVE-2014-3578", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-3578 is fixed in version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:276f823b-f966-53fd-83ff-04c2f02d1da5", "id": "CVE-2014-3625", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2014-3625 is fixed in version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f944f957-1cf5-56c2-a1d1-644bb81d6339", "id": "CVE-2015-3192", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2015-3192 affects version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c692c8e6-011c-542c-8788-cfb16ba4837d", "id": "CVE-2015-5211", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2015-5211 is fixed in version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e6ebd20f-e09d-523d-9ff3-912ed10c7cc6", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c5585ce7-ddbe-5de0-9c55-7e9f1502d8de", "id": "CVE-2016-5007", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2016-5007 is fixed in version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:03ad5f84-98c9-5130-a2e7-567755808379", "id": "CVE-2016-9878", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2016-9878 is fixed in version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7af2702f-8bbd-5e85-a754-532f1f71d22b", "id": "CVE-2018-11039", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-11039 is fixed in version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:72f087df-2ae0-551d-b7a3-cc3729ed16ca", "id": "CVE-2018-11040", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-11040 affects version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:45f90c61-f35b-5229-83c2-5fe842574946", "id": "CVE-2018-1257", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2018-1257 is a false positive for org.springframework:spring-websocket 4.0.0.RELEASE-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4dd34903-97a3-5c6e-9638-b5f3c53348ce", "id": "CVE-2018-1270", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1270 affects version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2814c70d-1a99-5111-932c-fc707dda1e1f", "id": "CVE-2018-1271", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-1271 is fixed in version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4a474364-aebe-58b3-b60a-5b1cb70f8b99", "id": "CVE-2018-1272", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2018-1272 is fixed in version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:de14a18a-9b5f-5121-abfb-a54269055619", "id": "CVE-2018-1275", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1275 affects version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9b08c0d3-3a24-54d2-8305-fff7af0fc381", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a87f3150-29fb-5c2f-b804-2fa6e6ac41ef", "id": "CVE-2021-22060", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22060 affects version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:bee0fffa-7040-5aad-bec0-a260213c0978", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e0660067-5472-5205-b022-5523bda6a120", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fc635127-e33c-58d3-af7d-8d14d5e20102", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a5e68ee2-35b3-5ccc-8f3f-6a3072b8e86b", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:650d0119-442a-5be2-8df4-78989e993f72", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ddf5b011-6494-53b2-8302-c71d4df6967a", "id": "CVE-2022-22970", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22970 is fixed in version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8a3e276c-09ce-55a0-8c31-e3ce18a606d6", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4e196bdd-b1e9-5818-86ee-0cc2df646427", "id": "CVE-2023-20861", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20861 is fixed in version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1bf6d18f-b82b-5d67-a997-337a16aa46b3", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:56712909-4b23-5b90-aef1-dc559f7245a8", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c2b5699b-6e27-57e7-a41f-646134afee3a", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:46cee7d1-f4e6-517c-9cb0-32a093f591f9", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:745e6f50-a981-508b-b172-84e09fdbcbb3", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ae202c2e-7600-51b7-9b5b-f8a32568d557", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:34890433-2744-5a4f-9181-f86f7d93b075", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8ef287cf-8177-5850-a53a-e0176736a1b6", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a6cccbed-c075-5cbf-94e6-7721315cce48", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ff44b3e9-9073-57be-97ab-4c8d19a28ff7", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7eafbe3e-0546-5bd8-b034-cac9db351385", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f483c6c5-499d-5c31-8f65-73c5b600ae60", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.0.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8b4ee1e0-e9cd-532d-915f-6a6d23d4d8fb", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 4.0.0.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.0.0.RELEASE-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.0.0.RELEASE-tuxcare.2" } ] }