{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:a33a1dde-f056-5e52-96b5-0e24e6dd72a4", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.29-tuxcare.3", "type": "library", "group": "org.springframework", "name": "spring-r2dbc", "version": "5.3.29-tuxcare.3", "purl": "pkg:maven/org.springframework/spring-r2dbc@5.3.29-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:bbf97f4d-18a5-5bc2-ad99-64fbd1e8b15b", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.29-tuxcare.3 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:bcd65651-a106-5170-ab33-0968c0ff6805", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.29-tuxcare.3 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:81b10fff-9965-50af-a35b-9296e97d6feb", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.29-tuxcare.3 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:20059ee6-47d6-58dc-8d0e-df9ae5fa6fbd", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.29-tuxcare.3 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:88665dea-7c77-5e82-ae3a-d83d32ce6f98", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.29-tuxcare.3 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a4a9be32-9106-5e00-a13e-fef31a251f41", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.29-tuxcare.3 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9fe0e635-68f8-5407-8721-31031c4a799a", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.29-tuxcare.3 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:292b694c-51eb-5cfb-9a56-4e9d379ce2f0", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.29-tuxcare.3 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f06d9065-0c65-5913-bd66-791d050e65f8", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.29-tuxcare.3 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:fadce025-d180-523b-b4c0-169ebfcc2579", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.29-tuxcare.3 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:0b0f2ce8-2ead-5950-b87a-13684d18634b", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.29-tuxcare.3 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8bb06536-48fc-55e5-b01d-3ad7bf0390e2", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-r2dbc 5.3.29-tuxcare.3." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:aa213546-56c0-52c1-aa95-960cfb215d46", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.29-tuxcare.3 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1a7fa627-e855-5883-ab05-617bba8f3595", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.3.29-tuxcare.3 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:91cbd00a-db82-55cb-8668-8d450de5c68f", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.29-tuxcare.3 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:0820ff40-102f-56cf-b063-1eeda9f9ab8a", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.29-tuxcare.3 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:43f0908a-3a82-5288-888e-ab483fd5cfa9", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.29-tuxcare.3 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:db391d05-0f10-5f34-a23a-84902dd09adb", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.3.29-tuxcare.3 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c845b0dc-098b-5df1-af70-716c8b8c5835", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.29-tuxcare.3 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a2945d3e-5346-517a-b05d-6a988c2bc70c", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.29-tuxcare.3 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:52da2338-ce1b-55cd-babc-2be23fa061d8", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.29-tuxcare.3 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6a317884-28ac-54d3-8558-b6c3db2be1f6", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.29-tuxcare.3 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3a711bfa-6fd7-5b57-ae58-6fd1153479d4", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.29-tuxcare.3 of org.springframework:spring-r2dbc. already_fixed \u2014 The target repository (Spring Framework 5.3.29-tuxcare.4) already contains the complete fix for CVE-2026-41840. The fix was applied on 2026-05-19 as part of a TuxCare backport for CVE-2026-22740 (commit bc0026ae70c), which addresses the same multipart request DoS vulnerability with identical code changes." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:65c73ebb-0607-5876-b764-6f1629cd8ac6", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.29-tuxcare.3 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b6f22240-71b0-5a5b-89bf-668fe1868ae5", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.29-tuxcare.3 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:146590a6-e182-5cdf-92c3-fb2914423526", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.29-tuxcare.3 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:477218ac-d3b6-58f1-b8e9-a601f1c418c0", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.29-tuxcare.3 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:fb2a0ace-b1ae-599e-b64e-d0909f96ae86", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.29-tuxcare.3 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:45149899-0638-596c-8023-c97ea1622cca", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.29-tuxcare.3 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:714510ef-cb5e-559c-86de-de1e7266096e", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.29-tuxcare.3 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:19ac1b46-0b92-53cb-b2a2-4e2da5c9dcb7", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.29-tuxcare.3 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:cf8290bb-d7c5-5e02-86a5-efdac729a623", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.29-tuxcare.3 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:7d0cae9d-98f4-51c0-9312-39e1c9cf9e67", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.29-tuxcare.3 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6091a7bb-de78-53bd-95c9-5becce6ef283", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.29-tuxcare.3 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4a97012a-13cf-5744-8614-f05650a68f7a", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.29-tuxcare.3 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:944ad352-a226-512c-b420-90b169ea5a2f", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.29-tuxcare.3 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.29-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:85950b22-30a6-5945-8cbd-21706e1b25c1", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.29-tuxcare.3 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.29-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.29-tuxcare.3" } ] }