{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:58f809a3-2b1e-5eaa-9143-9f4d282794f1", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.1", "type": "library", "group": "org.springframework", "name": "spring-websocket", "version": "5.2.0.RELEASE-tuxcare.1", "purl": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:f0c647f4-2a0c-5d42-8094-38a63c7df30e", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5ea34d37-39ba-50d6-92b3-868a0e736f8f", "id": "CVE-2020-5397", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5397 affects version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:bef7cddc-c6f9-5d6d-a375-9b06a5de4e75", "id": "CVE-2020-5398", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2020-5398 is fixed in version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:05a523b2-69f2-5d07-9595-2ef59ab55e41", "id": "CVE-2020-5421", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2020-5421 is fixed in version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6b5aaec9-1776-5a95-855c-7ac18ab572ad", "id": "CVE-2021-22060", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-22060 is fixed in version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d4be3236-931d-54cd-9976-f146f80d5464", "id": "CVE-2021-22096", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-22096 is fixed in version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4633abaf-6072-5c0f-97e8-0ce829bf6d8c", "id": "CVE-2021-22118", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-22118 is fixed in version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:dd0ce0b2-046b-51d4-ad2a-aaec63359d51", "id": "CVE-2022-22950", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22950 affects version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e2aaaef3-daaa-5aa3-be9b-83e3e5c54d18", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:708b53fc-6f2e-5067-9c0f-d1a1d41f77e5", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e6bdf285-c997-5a7c-86c8-b1a079bb5aa6", "id": "CVE-2022-22970", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22970 is fixed in version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f8771902-8817-511b-b370-11157132db33", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fff7123d-e36c-51e0-b24f-871132131597", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:84249d53-e310-5f87-87ed-af9083cade9f", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:66174b2e-ab55-5afa-8bd0-5c31447489b5", "id": "CVE-2024-22243", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22243 affects version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:982bc038-44d6-5f07-b42b-cf1c724879dd", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:28de0e9c-4532-57c4-999d-a859ded3cd72", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ab05cbdb-5bfa-5594-b82e-dc16c3bfbde9", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fe922c61-de1e-550e-ad2e-bcc54726ecd3", "id": "CVE-2024-38809", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2024-38809 is a false positive for org.springframework:spring-websocket 5.2.0.RELEASE-tuxcare.1." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0e4cd299-c0ac-58f8-b83c-d6372135301a", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:16c1abe4-8caf-5f5d-90a2-9ffa92f52c50", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:dae40e4a-214c-5143-a3a5-5c3d6e69fe67", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:787a676b-610e-565a-b698-4bc2cf71d4f4", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f6fc2558-63ed-567c-9e5f-72a945862e5a", "id": "CVE-2025-41249", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41249 is a false positive for org.springframework:spring-websocket 5.2.0.RELEASE-tuxcare.1." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:499e2644-b4bb-5c33-a5ee-4c49b82a49e6", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.1" } ] }