{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:6a055fae-ca6a-5ccb-8755-babbe986f853", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-webflux@5.2.13.RELEASE-tuxcare.1", "type": "library", "group": "org.springframework", "name": "spring-webflux", "version": "5.2.13.RELEASE-tuxcare.1", "purl": "pkg:maven/org.springframework/spring-webflux@5.2.13.RELEASE-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:4c559fbb-7015-56f6-b906-8a0599d3e3bf", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:82e89062-59c8-5c24-886d-a649b2087810", "id": "CVE-2021-22060", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22060 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fdb8c9b4-0f29-56a8-b094-6ce6fe2e7019", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e5892d53-0c85-5bac-b9d2-fb384db85e65", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:963648d8-7ef6-5ec0-82c9-540bdf6285c5", "id": "CVE-2022-22950", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22950 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:99317b93-7356-56d1-95ee-64f1060ed5f9", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:67d75556-862b-55b1-9fcc-6564c642e773", "id": "CVE-2022-22968", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22968 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:66b0555d-97b0-59dc-b244-9ae6915addba", "id": "CVE-2022-22970", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22970 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c5bed854-d7b6-5e6b-a84f-95a1aa00cbc7", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c0df4e24-8ab3-5c04-9fb9-555de7fdbf28", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:580e66ba-9f36-5c7f-8967-d5193b28e3af", "id": "CVE-2023-20863", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20863 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:be522116-d631-5dc9-b915-6f6cc8fe3bdd", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:188781fe-6d97-5b21-b020-78454be1ff1b", "id": "CVE-2024-22259", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22259 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7b6520c2-9e69-5763-9fff-461c96be940b", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:bbeb1a10-6b98-5934-be19-e1c4fd086182", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:97293d64-889f-5a0c-8918-952e6f6ba914", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e5b65322-49fd-5466-bea1-7123592e403c", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:49990e24-fb78-56c6-a658-5531fac8d7d4", "id": "CVE-2024-38820", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38820 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0e54832c-675e-5756-aa96-477ff7fc2011", "id": "CVE-2024-38828", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38828 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:68c433ae-db74-5e4a-8100-b680d8242678", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:57d049ef-0a00-5268-8c42-f409176a64c7", "id": "CVE-2025-41234", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41234 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ba6d94f0-8b9a-5e3c-a02d-ff171d7df81a", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:118f708c-afa0-502e-803f-fb97536138d5", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:85364f29-9ea5-5266-a4ea-412bd91b67f4", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5b649d1e-08e4-553b-9db9-e3e5e36bf44f", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b5c2d8c0-f9a2-515a-ad3a-d823c33ba368", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ad160250-27dd-5c4a-881e-5c11e6e0e35a", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:cd6ec82e-8ca6-5cfb-a012-14269e0bfe3c", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fec8ee78-24be-511e-ab11-69f5262e97fe", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-webflux. not_affected \u2014 Version 5.2.13.RELEASE uses a fundamentally different multipart parsing architecture (Synchronoss NIO library) that does not contain the vulnerable components targeted by CVE-2026-41840. The CVE explicitly lists affected versions starting at 5.3.0+, and the patches fix issues in PartGenerator and MultipartParser classes that do not exist in this version." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7fffc140-0c60-5c3c-92a2-4748eeeabe3c", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:22adc648-1538-5c07-9cbe-b50767ed6334", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3b36d3aa-77c3-5bd9-a56d-c99390f6a908", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:170f25f0-3789-5e66-9ff0-c310a4db7237", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c90855a9-35b9-5bf2-b4fe-e93744f9a01c", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3888b4fa-bf7d-58d5-a47b-bc50eeaf9501", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:79ce9098-146e-5394-a389-5c3c9559f6b0", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:68b4b1d2-b63a-5d45-aa79-5e0eb54eff94", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:55c9e8b7-3168-5f4a-933b-a82c6217b284", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6df5eb1b-dbc6-5c63-a97a-1c1ee7e5807f", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a27eb5e2-7c91-5b2b-ab91-7efc16a7e19c", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1aae8de5-c939-5748-b70a-ee9e9a04af86", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3cea1fa8-756a-521d-86ec-aa944fbcd277", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.2.13.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:35007730-ef58-5c58-8d35-97d9bd3990e4", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.2.13.RELEASE-tuxcare.1 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.2.13.RELEASE-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.2.13.RELEASE-tuxcare.1" } ] }