{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:551efce0-cb39-5fe1-bf2a-96282588ea3c", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.27.tuxcare.1", "type": "library", "group": "org.springframework", "name": "spring-r2dbc", "version": "5.3.27.tuxcare.1", "purl": "pkg:maven/org.springframework/spring-r2dbc@5.3.27.tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:e3bea214-7d46-55f0-ba33-890ac05da2ed", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.27.tuxcare.1 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f0ae42ca-c724-55e0-ae20-b6317befc02b", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.27.tuxcare.1 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:09c9160d-e3a1-5f6a-b3b2-70a4927ca480", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.27.tuxcare.1 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:bea0af8e-d399-576b-b2ed-4893f6ab42b1", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 5.3.27.tuxcare.1 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:efce5c7d-a01b-559a-a551-4d1fa8feb7bf", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.27.tuxcare.1 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2b967f25-68e6-5fa8-a528-31a1cb3cf22c", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.27.tuxcare.1 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a53f950d-d410-5116-9e1f-c7c3cc02fd85", "id": "CVE-2024-38816", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38816 affects version 5.3.27.tuxcare.1 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3ec232bf-9de4-5aee-ab37-bc6d2665addf", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.3.27.tuxcare.1 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b60ac568-eb7b-517b-985e-16a842d13601", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.27.tuxcare.1 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e2aa8b6a-c9f8-5dca-aaf8-878ddbb937e6", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.27.tuxcare.1 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7e4e0f06-8c09-592f-ad43-7b2db4d60c1e", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.27.tuxcare.1 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:779d605a-6284-52ac-a204-cf07ca824344", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-r2dbc 5.3.27.tuxcare.1." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:cccf0a27-f415-5b91-9406-0d0609176645", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 5.3.27.tuxcare.1 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0851a9e1-bd78-5403-bf45-8ea59212792c", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.3.27.tuxcare.1 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1da7c09a-de51-5cc2-931b-f7bf9c42880d", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 5.3.27.tuxcare.1 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e8e87ce7-9261-5924-bc36-4aed872b48e6", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.27.tuxcare.1 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:94258284-a33e-508d-96be-4e1ee2ee83af", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.27.tuxcare.1 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9d929344-766e-5758-8373-28b4b213b005", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.3.27.tuxcare.1 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:80cad441-ba01-5353-8621-cfb0bffdf667", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.27.tuxcare.1 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:aa7f5040-e788-5d5e-928e-230d34aa343f", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.27.tuxcare.1 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:41508fa9-7ebd-5646-a4fb-aeb7a7721011", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.27.tuxcare.1 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:654d8923-82a3-520a-ad67-492cd790fcd6", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.27.tuxcare.1 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:781ddd27-09a0-59f6-98fb-e05e3bc3b450", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.27.tuxcare.1 of org.springframework:spring-r2dbc. already_fixed \u2014 The target repository (Spring Framework 5.3.27-tuxcare.5) already contains the fix for CVE-2026-41840. The vulnerability was previously addressed through backport commits for CVE-2026-22740, which applied the identical doOnDiscard cleanup logic to prevent resource exhaustion from multipart request processing." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c01f7e4e-b030-5727-ab55-86ac147a7f2b", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.27.tuxcare.1 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c31e0671-c3ad-540a-ae46-c1cfd2e18cf3", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.27.tuxcare.1 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:22dc1444-7ea4-5605-b917-4a797c1664bd", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.27.tuxcare.1 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e753af20-c86b-54c2-9728-a43cc1bc2d25", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.27.tuxcare.1 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2b23ab50-1f10-5997-a3f7-25026875d066", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.27.tuxcare.1 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:21b26a35-0e70-570d-9b90-3a768bbfec79", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.27.tuxcare.1 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9b49ddbd-6d6c-5a98-b416-f94d1abac3a6", "id": "CVE-2026-41847", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41847 does not affect version 5.3.27.tuxcare.1 of org.springframework:spring-r2dbc. already_fixed \u2014 The target repository (Spring Framework 5.3.27-tuxcare.5) already contains the fix for CVE-2026-41847. The upstream commit 07ba95739bf4451742e4ee6b4d4b2d0ee5f701bf is present in the current branch, and source code inspection confirms the vulnerability has been patched." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c601ead2-ad08-574c-b2d9-ee1b3dacd849", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.27.tuxcare.1 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:bbd52f66-824a-5c02-bfcc-a95c9d8711e9", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.27.tuxcare.1 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:cebdf0d0-181c-54d3-ad54-94ce479fb480", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.27.tuxcare.1 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:594bc482-bd15-5e34-b983-07ec6c608ea4", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.27.tuxcare.1 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:477fe1f4-89fc-5790-a5d0-dd0d87aba3e8", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.27.tuxcare.1 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7a3107f3-d102-5d6b-93c0-ec322af00dec", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.27.tuxcare.1 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.27.tuxcare.1" } ] }, { "bom-ref": "urn:uuid:736705f6-08ce-571b-900e-c483bb2e636b", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.27.tuxcare.1 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.27.tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.27.tuxcare.1" } ] }