{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:afbbe15a-35bc-5f35-825d-1d835d8feaa2", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-websocket@4.3.30.RELEASE-tuxcare.3", "type": "library", "group": "org.springframework", "name": "spring-websocket", "version": "4.3.30.RELEASE-tuxcare.3", "purl": "pkg:maven/org.springframework/spring-websocket@4.3.30.RELEASE-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:72565f32-1bc8-5b94-ae20-e7729ac89e1b", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:385fa595-191e-50f7-898c-056e9362d5f3", "id": "CVE-2020-5397", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5397 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:fef91897-f8af-5025-8c93-372bf3b0dd29", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:0b63e30c-922a-55b8-88bb-27c47aed7789", "id": "CVE-2021-22060", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22060 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e06a53fb-f78b-506f-b187-346c777d908f", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c222bb72-d53a-50d2-963c-f6fd19bf0c29", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6cca5089-f5d8-5d1c-bbbc-f5e619622eaa", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9c6a6cac-d56e-5e9e-947b-b941879a6455", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:af5f558e-f32f-5fea-9d9a-580350509d47", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:800a26c9-aef3-5569-acbb-e1af5f53e8e0", "id": "CVE-2022-22970", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22970 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:41d30f4c-6d92-5681-a03b-7b315ba280d8", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:18a4ff0b-b7e9-5215-abbc-bc18044296c9", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:18b15c9e-6233-567a-80c6-9f50db6579cd", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:21c4f9a8-34ad-57cd-94ff-69925c7ce335", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:186fb22d-6fc9-5526-a737-79edec2b7501", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e10e397d-f20b-53d7-80c7-23b442de1761", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:42bcb5a4-aa2b-53da-a1fd-fd9c5a377bbe", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ab2a224a-f6f6-5b6f-b029-732cc366fb72", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a7945325-bb54-5c3a-b324-37e608f0763f", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f061fb2c-9e52-584f-8cbe-7da1536e52c4", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6fb1352e-1207-57da-ba90-b28578c097bd", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:153e3b06-78ed-5b15-87e5-309f9d71e852", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1dc35cee-c55d-5c67-9164-b15174c2fa2d", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:00544536-93ca-51b6-8232-32a79c870b45", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:fe98c4ce-bb1b-556f-9435-668d17ed8828", "id": "CVE-2026-22740", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-22740 does not affect version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-websocket. CVE-2026-22740 is a WebFlux-specific vulnerability (reactive multipart temp-file cleanup in org.springframework.http.codec.multipart.MultipartHttpMessageReader / PartGenerator). Spring Framework 4.3.30.RELEASE predates WebFlux entirely - the org.springframework.http.codec package does not exist in this version, and there is no reactive multipart code path. Per NVD, affected versions are 5.3.x, 6.1.x, 6.2.x, 7.0.x only; Spring 4.x is not in the affected range." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.3.30.RELEASE-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5857ff43-8cb4-5e00-8263-63524f04c82b", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 4.3.30.RELEASE-tuxcare.3 of org.springframework:spring-websocket." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.3.30.RELEASE-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-websocket@4.3.30.RELEASE-tuxcare.3" } ] }