{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:558ad12c-7fa0-590b-91da-a1b21264940d", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-websocket@5.3.37-tuxcare.3", "type": "library", "group": "org.springframework", "name": "spring-websocket", "version": "5.3.37-tuxcare.3", "purl": "pkg:maven/org.springframework/spring-websocket@5.3.37-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:026c99b1-3f58-5b31-bd11-a32cce814f77", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.37-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.37-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8fb7f00f-8261-54c8-8c7e-86bbb559cedf", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.37-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.37-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:819e6406-1391-5ff1-9009-105d65da8b45", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.37-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.37-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:640bb3f2-c576-5f57-a6af-3f926696f568", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.37-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.37-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ed2f8826-cdaa-52ec-ae11-4f681b0a6bfe", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.3.37-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.37-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:012e151a-0d01-591e-8df8-073f86f30306", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.37-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.37-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:80e718b5-2b23-564b-bf0f-77e7781e4083", "id": "CVE-2024-38828", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38828 affects version 5.3.37-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.37-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:63bb594d-184a-5fbc-8bae-eb86cc1ef58c", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 5.3.37-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.37-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2c5bd042-290f-59cb-a9b9-8919aa14e306", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 5.3.37-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.37-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:62f57e44-1cf5-56e3-acf3-5823fd11b10b", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.37-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.37-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f98dba6b-ca42-5d57-878f-87bf95d0b520", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 5.3.37-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.37-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c89e1b0e-b152-5499-b34f-c66f4bf236eb", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.37-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.37-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:423c0e40-49d0-5891-bb51-08765b75eb1e", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.37-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.37-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.37-tuxcare.3" } ] }