{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:39b3dc28-3d32-5b8d-8532-dbf504759483", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.27-tuxcare.2", "type": "library", "group": "org.springframework", "name": "spring-r2dbc", "version": "5.3.27-tuxcare.2", "purl": "pkg:maven/org.springframework/spring-r2dbc@5.3.27-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:bf2fde5f-4a65-55c1-97f2-cc37e72e49d4", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.27-tuxcare.2 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d8555017-82f2-508f-8472-6572645a28a5", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.27-tuxcare.2 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:19777d48-0d5a-5574-a2f6-90ab33f3ccd5", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.27-tuxcare.2 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:709e210f-0061-5448-a1ee-942c66632074", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.27-tuxcare.2 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f748e44b-d7f5-54ed-b7d0-86fd21013c67", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.27-tuxcare.2 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:201bd299-ea71-5240-b915-248fbfbc36ad", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.27-tuxcare.2 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2446a2d3-d335-5ea9-a5f3-2f101c4b292b", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.27-tuxcare.2 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ac6cb208-644c-5de4-8487-46d54b982e59", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.27-tuxcare.2 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:70f8e324-97c8-55af-896d-4ba8dd38c7b3", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.27-tuxcare.2 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9da85fdb-0e2d-58e3-9dda-7a18e2894fec", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.27-tuxcare.2 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ba8e6b46-6c6e-5f81-abc2-a579375cac77", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.27-tuxcare.2 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c8fc90bf-a16c-5433-8c81-7c340ebc4664", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-r2dbc 5.3.27-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e9473bab-9ba7-5706-b996-107b59026447", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.27-tuxcare.2 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a70cb931-7a74-5e67-91dd-2b0fdc8349cd", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.3.27-tuxcare.2 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:341913b1-66ae-5242-95f9-1556dbf2a188", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.27-tuxcare.2 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:cf0da590-acfa-5496-98fb-baf76006b93b", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.27-tuxcare.2 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a9ec34d5-8b2b-53a5-8740-e991e6f8c754", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.27-tuxcare.2 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9dbc4af4-9130-5f5b-9730-a02d4354bc17", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.3.27-tuxcare.2 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7dce1278-c820-5dc8-a396-34fa986fdca6", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.27-tuxcare.2 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fa7600eb-23d1-5c48-81e5-cdbf2f8785e6", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.27-tuxcare.2 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0815dc4a-1d6c-5df1-9851-676d11d9fa6f", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.27-tuxcare.2 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3aecebd9-e631-5849-8684-88166a7e412a", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.27-tuxcare.2 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fd077480-1fd8-5ea3-8908-31e91fa07cdb", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.27-tuxcare.2 of org.springframework:spring-r2dbc. already_fixed \u2014 The target repository (Spring Framework 5.3.27-tuxcare.5) already contains the fix for CVE-2026-41840. The vulnerability was previously addressed through backport commits for CVE-2026-22740, which applied the identical doOnDiscard cleanup logic to prevent resource exhaustion from multipart request processing." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c5c66194-9e39-546b-8cf5-449e15d311c2", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.27-tuxcare.2 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8ec5b7b3-871f-5a22-af06-6ea8ed22e354", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.27-tuxcare.2 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:674060c0-c7db-5753-8ce6-c407acdcaf6d", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.27-tuxcare.2 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f8488dba-1e89-5a1f-834d-073bdb149e5c", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.27-tuxcare.2 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7f784c42-3276-5309-8a8d-7e1857744276", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.27-tuxcare.2 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a7b97233-83fd-56e1-ad66-abd3d7d23009", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.27-tuxcare.2 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:20fd49cd-fc67-5a0e-ad80-72b9d2a4b394", "id": "CVE-2026-41847", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41847 does not affect version 5.3.27-tuxcare.2 of org.springframework:spring-r2dbc. already_fixed \u2014 The target repository (Spring Framework 5.3.27-tuxcare.5) already contains the fix for CVE-2026-41847. The upstream commit 07ba95739bf4451742e4ee6b4d4b2d0ee5f701bf is present in the current branch, and source code inspection confirms the vulnerability has been patched." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0c8c606b-726e-58c9-b736-dec881d92f18", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.27-tuxcare.2 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6960b2e5-1d68-5e5e-b9f9-79c8dfe9bc51", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.27-tuxcare.2 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a485e1a3-814b-57fe-80e9-a5b1b868c38b", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.27-tuxcare.2 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:70797cd7-7979-5aec-8cdf-27ea6e050c26", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.27-tuxcare.2 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:13f9184c-f202-54db-b3e8-68191866f5c3", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.27-tuxcare.2 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e39af061-fea8-509f-9b10-f7d3b6e3cfc1", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.27-tuxcare.2 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.27-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:feb37827-c4d4-52ed-bb4b-40c10726925a", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.27-tuxcare.2 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.27-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.27-tuxcare.2" } ] }