{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:004b0154-b612-57e1-9dd0-f0cd3e373b51", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.27-tuxcare.5", "type": "library", "group": "org.springframework", "name": "spring-r2dbc", "version": "5.3.27-tuxcare.5", "purl": "pkg:maven/org.springframework/spring-r2dbc@5.3.27-tuxcare.5" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:3867f57c-b19a-53ec-b437-8d602cb70d97", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.27-tuxcare.5 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:0ba56497-163a-5746-a2b9-fc857845495d", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:98dd26d4-2393-5754-af74-eb5b7d8f4d40", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:2fbba661-a102-5c96-87c9-0acf95292aa8", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:88bdef57-2e0f-5452-aa8f-f2a14a08468e", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:02af0d02-0619-5404-b612-a639b5371dc6", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:538d6a4e-02a5-5cb8-9861-f28dd06be1a8", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:f286c344-ecc6-5e65-a566-add1b652aef1", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:9b752039-bc06-52a0-a2d2-30d73fd5874e", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:02b24094-1609-5974-8d20-cc6a55fe3d78", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:6ec7ca92-470b-5755-9621-38afd112a0a8", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:d0fb208d-e983-5141-a24a-252a99f5404f", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-r2dbc 5.3.27-tuxcare.5." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:2afeaa1a-fa96-52bd-a04f-5f13b0ae0c82", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:7dd4870a-5d9d-5852-aab9-ec5a21333027", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:e884b5ea-738e-5bb4-8b79-c54e106e491f", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:cb329b1d-d5d5-506b-b8c4-3903d09e8fc9", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.27-tuxcare.5 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:b797bfc9-f132-5b47-a02b-20b37f053862", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.27-tuxcare.5 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:5f93f287-90c9-59dc-ab69-fa2334643edc", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.27-tuxcare.5 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:a9f77607-a796-5070-abac-010a24b8339c", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.27-tuxcare.5 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:25cdeeeb-eb6e-52e8-aa46-e103ccdb04f8", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.27-tuxcare.5 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:d4e350c7-13f3-5f86-98d6-ea71587c4507", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.27-tuxcare.5 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:66d30203-c3ab-5ac8-a78b-5a83a611ac95", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.27-tuxcare.5 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:cea2d686-9e4b-5e14-899b-c9ed16eae38f", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.27-tuxcare.5 of org.springframework:spring-r2dbc. already_fixed \u2014 The target repository (Spring Framework 5.3.27-tuxcare.5) already contains the fix for CVE-2026-41840. The vulnerability was previously addressed through backport commits for CVE-2026-22740, which applied the identical doOnDiscard cleanup logic to prevent resource exhaustion from multipart request processing." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:68026018-7bc1-584b-9e35-cc50bb755c61", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.27-tuxcare.5 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:b9852aa5-2318-50bc-8776-c4062f823e6a", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.27-tuxcare.5 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:58361e0e-86da-5153-a2d3-087a4b9c2b67", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.27-tuxcare.5 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:061c0de8-a009-5a6b-8a2d-f1f1f748c12a", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.27-tuxcare.5 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:7075dd0f-dd30-5439-8d14-9b49f5638dcb", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.27-tuxcare.5 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:bf05d72a-91ee-5005-aa18-794a97f8d1f8", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.27-tuxcare.5 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:273b2a9c-45ec-5216-8d93-44a173bf5c26", "id": "CVE-2026-41847", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41847 does not affect version 5.3.27-tuxcare.5 of org.springframework:spring-r2dbc. already_fixed \u2014 The target repository (Spring Framework 5.3.27-tuxcare.5) already contains the fix for CVE-2026-41847. The upstream commit 07ba95739bf4451742e4ee6b4d4b2d0ee5f701bf is present in the current branch, and source code inspection confirms the vulnerability has been patched." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:6782b6d6-9e64-5b9d-b6df-92e736692091", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.27-tuxcare.5 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:8b0472ea-b0ca-5936-bdfe-80d4dce9ab2d", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.27-tuxcare.5 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:682aa329-4102-5b7f-af7e-d562dd8431e0", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.27-tuxcare.5 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:f52b0504-8e80-5548-bd29-fc491564c3c7", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.27-tuxcare.5 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:f63695a8-d6ae-56d1-8e60-62bf1e3f6ab8", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.27-tuxcare.5 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:dee07e82-6db0-53fe-aa72-1dce05433b97", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.27-tuxcare.5 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.27-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:f3407800-a2eb-53ea-86aa-47d73202f177", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.27-tuxcare.5 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.27-tuxcare.5" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.27-tuxcare.5" } ] }