{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:0ea61b63-753c-553d-b3d6-6e54f45de44d", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-websocket@5.3.37-tuxcare.2", "type": "library", "group": "org.springframework", "name": "spring-websocket", "version": "5.3.37-tuxcare.2", "purl": "pkg:maven/org.springframework/spring-websocket@5.3.37-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:6d3e6ba9-3d36-5db6-8c5c-74b19c962c00", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.37-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.37-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:63d3f334-9057-58a3-a201-caff750fc5ab", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 5.3.37-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.37-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:644fc1a2-ec4f-5848-9090-07704f00c739", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.37-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.37-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1e6e4ee0-493d-5b79-bfd9-f12e15bacafd", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.37-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.37-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:bf4b63be-fa03-5fd1-b24e-12a436361b6f", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.3.37-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.37-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3b0a94cb-8e48-58e8-a310-1b6e0d4c224b", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.37-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.37-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8690acf3-fa27-51fc-a171-a2ea14b170ad", "id": "CVE-2024-38828", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38828 affects version 5.3.37-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.37-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:23555a4d-fa4b-5723-9927-03ed2b14c71b", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 5.3.37-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.37-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:23ed42ac-f447-50d0-a75a-e4bef81e8d89", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 5.3.37-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.37-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:42406aee-0a30-5ae2-8475-233f9e432d35", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.37-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.37-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:dacdf58a-0361-57a3-b964-73ae849f102c", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 5.3.37-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.37-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b0feb255-c6ed-5ad4-b986-09eb49fdad61", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.37-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.37-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ba14b1cd-f0fd-5fbb-8212-b6fa04944bd6", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.37-tuxcare.2 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.37-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.37-tuxcare.2" } ] }