{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:c7c8c644-b78a-5af0-9807-fc6d5b963da3", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-websocket@5.3.7-tuxcare.1", "type": "library", "group": "org.springframework", "name": "spring-websocket", "version": "5.3.7-tuxcare.1", "purl": "pkg:maven/org.springframework/spring-websocket@5.3.7-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:11e42cac-83ef-560b-a4d1-9f479d0a306e", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.7-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d7a4cf0a-721a-519a-9aba-9e8e7464acfd", "id": "CVE-2021-22060", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22060 affects version 5.3.7-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b055712a-4712-5789-a56d-4fa65d60b1d2", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 5.3.7-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3244959a-0822-521c-b2c6-e18d4a2b958b", "id": "CVE-2022-22950", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22950 affects version 5.3.7-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:efc44046-b4ea-5a38-b6ee-27f5ec90cd6b", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 5.3.7-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b3df6c43-70d8-5284-b5ef-110958dfc69b", "id": "CVE-2022-22968", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22968 affects version 5.3.7-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5ecf67fe-bfa4-53c0-ad31-82aed2465e66", "id": "CVE-2022-22970", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22970 affects version 5.3.7-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:726bb6fe-ce42-5c2f-b735-785da2c93acc", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 5.3.7-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:20540974-cdf6-5436-9501-52f9d1d627f7", "id": "CVE-2023-20860", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20860 affects version 5.3.7-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4f91a148-3119-5117-86f7-dea4ca23f3d0", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 5.3.7-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:783221b1-8874-5c52-9dbe-7264430aa589", "id": "CVE-2023-20863", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20863 affects version 5.3.7-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:070858b6-0ef9-58de-adad-a7fd86e69cf7", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.7-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:475c419a-64d9-59e0-977b-fb5e6f42cbe7", "id": "CVE-2024-22259", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22259 affects version 5.3.7-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3f1da73c-b559-53ee-8be3-052ea53120b3", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 5.3.7-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:98ad9007-9259-5fd9-bcd9-ecf7fc612233", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 5.3.7-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:64ebc08c-2c82-57b5-8f74-5351336c6ff3", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.7-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0c645fad-745d-512b-b8e0-9eaefe37146b", "id": "CVE-2024-38816", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38816 affects version 5.3.7-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:40771820-f044-5fae-b982-b32dc522d211", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.3.7-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:629e3415-ee80-5e0e-a12b-6f724c535949", "id": "CVE-2024-38820", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38820 affects version 5.3.7-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5403bde8-404a-5c6a-a4bb-a5c012fa73e4", "id": "CVE-2024-38828", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38828 affects version 5.3.7-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5616afdb-8b96-5114-8101-d449aa52ebdf", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 5.3.7-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4fbcf59a-02fb-5e4f-9a0d-a886d05efc06", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-websocket 5.3.7-tuxcare.1." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b9c6e5ee-92e2-5c8b-8395-c3766fc50c42", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.7-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3867e4ea-58a4-52ef-81ca-57d3c137ba2d", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.3.7-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ef6c43c1-be32-5d72-90c0-046c790c3152", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.7-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:494a01a3-796d-5d60-a6e9-ddbc1df98a51", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.7-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.7-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b760c869-370f-5e5d-8477-f7ec13402b61", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.7-tuxcare.1 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.7-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.7-tuxcare.1" } ] }