{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:070b9f00-de48-57b5-aa8c-2d390785eaac", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-websocket@5.2.13.RELEASE-tuxcare.2", "type": "library", "group": "org.springframework", "name": "spring-websocket", "version": "5.2.13.RELEASE-tuxcare.2", "purl": "pkg:maven/org.springframework/spring-websocket@5.2.13.RELEASE-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:1e56da08-aae4-597d-847d-867d071971a1", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ecd5d8bd-3341-5c6e-9b64-f5782e99e929", "id": "CVE-2021-22060", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22060 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7059ba96-8005-5622-82f6-0e8a4fc8ea50", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ba43619f-4426-5afc-ba60-0eb13ff29d5e", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8822723b-a534-5ea7-934a-56547a1951fa", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:659e312d-1219-51d6-b313-0ff35c25c5fa", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e7dcf540-1c29-5e7b-adbe-690db4a417ce", "id": "CVE-2022-22968", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22968 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c1886ab5-56d8-5298-b810-e6e28753a2c5", "id": "CVE-2022-22970", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22970 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e79d082f-7d48-57a1-a45d-1f41d6a379e7", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4c2775da-7915-55ef-9108-05be7f383bd4", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c48176d4-de58-59ad-841b-ffb52763b0e0", "id": "CVE-2023-20863", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20863 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9cac425e-4c92-5344-a2a0-c02f5148821a", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8ea52e61-a10d-5b70-b19c-05d9ad36d06a", "id": "CVE-2024-22259", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22259 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c86303cf-e130-56b4-a823-777fc7be17d9", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:62d88b99-a07c-575e-ab80-5a226911962b", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8cbbadc4-cb2b-5927-ad71-84569dfed9c6", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:20dc5184-1d9d-5d70-9bd0-1703c66b1955", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e8ffbefb-dfc2-51d8-81ca-3827c4e812a1", "id": "CVE-2024-38820", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38820 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ef57c40f-de1e-54f3-b044-5966278b25d5", "id": "CVE-2024-38828", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38828 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2dfb6846-f246-53bd-a7ca-5362fd258056", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:dba855af-640a-5950-b170-5344cf8968a7", "id": "CVE-2025-41234", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41234 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:94ff1d38-f47a-5dba-8059-e53bdec3e279", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.13.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6c50eaa5-6a75-5ef1-af8b-5b1db171176f", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.2.13.RELEASE-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.13.RELEASE-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.2.13.RELEASE-tuxcare.2" } ] }