{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:301e868d-b6fa-5803-828a-300fc7cd0f14", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.2", "type": "library", "group": "org.springframework", "name": "spring-websocket", "version": "5.2.0.RELEASE-tuxcare.2", "purl": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:07c2310e-c916-5106-a50c-962549e4a136", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a992b7f4-a8b8-5249-9bf4-17b3aa17f061", "id": "CVE-2020-5397", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5397 affects version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f78ddddb-ca8a-51d4-a735-00b5e15f7bda", "id": "CVE-2020-5398", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2020-5398 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4374f952-4522-5b92-af4e-6319dea87571", "id": "CVE-2020-5421", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2020-5421 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e4e6b47a-3514-5047-bd61-2752fbfa391b", "id": "CVE-2021-22060", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-22060 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d936f62f-26d7-59ca-967a-ea15f2682b4e", "id": "CVE-2021-22096", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-22096 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1fed64e9-223d-5530-85f8-ecb250688baa", "id": "CVE-2021-22118", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-22118 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:da1b87e1-2ef5-5709-b449-8dd787cd31b8", "id": "CVE-2022-22950", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22950 affects version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a1ada373-897e-5f19-bd55-135eaaab0805", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2ee82d94-f40f-5ee7-a759-849acfd84942", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:bda0c103-bedd-5e4c-8cfc-4495ed2ff7c1", "id": "CVE-2022-22970", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22970 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:762f7a62-b680-5f8f-9855-33ecace09c10", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7cad0638-30ee-5b04-a81b-c239c21f08b9", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6ae44cea-2124-5bb8-aa05-6c8f5bd8197b", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:59c144a7-af3e-53e5-9537-1fd9004c2214", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:66a53ba2-b72a-56c3-a0a5-f009f3064063", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:30d505f4-310c-5a37-98fd-bf2a5fec65a1", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8ad5c60e-d1a2-580c-9fd3-aedd49ca7776", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a9297717-04df-57c1-b7ff-1e47e9cf9d2a", "id": "CVE-2024-38809", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2024-38809 is a false positive for org.springframework:spring-websocket 5.2.0.RELEASE-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b16119c1-68a8-5271-bbe9-08c1b8963b3c", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7acfe5f2-f5e9-5b10-873c-76e6386c82ce", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f35c332f-d220-5f4d-8959-f4ea9b7d184a", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b1392da4-5f7c-52dd-bf30-df5a35898fc9", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4bf47468-0abd-51f3-8be3-b846bc02f55c", "id": "CVE-2025-41249", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41249 is a false positive for org.springframework:spring-websocket 5.2.0.RELEASE-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c4dee552-a732-52d3-8b0b-63afb14b4021", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.0.RELEASE-tuxcare.2" } ] }