{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:0bc98d64-5808-57ee-bf58-22640cbea0c7", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-websocket@5.3.27-tuxcare.4", "type": "library", "group": "org.springframework", "name": "spring-websocket", "version": "5.3.27-tuxcare.4", "purl": "pkg:maven/org.springframework/spring-websocket@5.3.27-tuxcare.4" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:be2b0844-41ca-55bd-aacd-cb3da87886d3", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.27-tuxcare.4 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:abe3c305-6b80-5daa-a135-7a9d192b0db8", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:153bebc7-7cf0-5763-a2b8-a67df9b2a7ad", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:32d30fcd-e150-52f7-98c5-410a9982e06d", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c08008ff-91ed-58ef-b9b9-c5ab4835c35f", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:6ad54abf-96c7-515a-a37e-069ce33305ec", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e1a3f76b-c517-5b06-b18d-e1ba8b834871", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:2dd367b5-ffa2-5013-a584-ea2f831a64d8", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:62d621a8-b5c6-594f-bb0b-fa1b2fb2c231", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:2f047d1e-29a1-5ba9-a5c7-af2728099170", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:deceb0b9-bdb0-5494-ab19-15312a4bbb98", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a112b2ff-5d1e-5571-ad01-1f10f1ec3864", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-websocket 5.3.27-tuxcare.4." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:f3d666df-7546-5db0-8de7-407be2d03d96", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:8ea314b6-43e9-5ef7-b88e-870d93fa90e6", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:3744abba-e0a2-5840-9148-21e1080e8cf6", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e5959a0f-2544-5f13-a70a-ce806f31d1c4", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.27-tuxcare.4 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:4f9162ae-4916-55c6-8704-7352fc881058", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.27-tuxcare.4 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e5528370-6d30-56c1-ab00-8ee31495b07c", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.3.27-tuxcare.4 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.27-tuxcare.4" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-websocket@5.3.27-tuxcare.4" } ] }