{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:26da5fe3-7ede-56e6-a599-370781f75ff1", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-webflux@5.3.27-tuxcare.4", "type": "library", "group": "org.springframework", "name": "spring-webflux", "version": "5.3.27-tuxcare.4", "purl": "pkg:maven/org.springframework/spring-webflux@5.3.27-tuxcare.4" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:af22c47c-0035-5330-8656-f4ba53d22e79", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.27-tuxcare.4 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:4947f054-881b-5839-a210-c1ecb9e62769", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:3291e01d-8789-552d-935b-f87341b6979c", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:63d7452b-f4b8-5b7f-a1a2-59b0cd076ba4", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a5ed0047-d5c0-5081-8b38-d44a3a75059c", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:009c00ec-cf86-5d1a-b429-ca8627bc2383", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:f8ef3e48-9710-5e47-83c9-de39fc0028af", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:3da29717-9101-55fa-aedd-4f100f2d5821", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:e8e4851b-2224-5948-a521-f6d67e307f68", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ba6e4041-10d9-5768-9511-99aad3de04d2", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c6753d3b-8f69-52e4-87a7-bbed85412733", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:dd26462a-0143-5e88-ac7d-c38ebbcffed2", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-webflux 5.3.27-tuxcare.4." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:76b2bcbb-e303-562c-b23e-0766e5b6bc23", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:f4ec4244-c464-5d9f-abf8-b8b2cbc9a461", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:0dfd2417-9961-57e3-aefb-c91308f994b1", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.27-tuxcare.4 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:0bdf21a5-97e6-5a03-b2c9-ca06b87250dc", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.27-tuxcare.4 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d1039951-d6f7-5488-aa63-f3ca510e4bf8", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.27-tuxcare.4 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:79a7c65a-6ef6-5c0f-a1ea-8f5a9b49412a", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.3.27-tuxcare.4 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:78b80b67-3c0d-50f8-a785-8f7ebdc74df0", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.27-tuxcare.4 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:060b06b4-a14d-55be-bbc9-718c35a5ec03", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.27-tuxcare.4 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:00a1a400-992a-55ba-aba6-5c4d3f6e0ba7", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.27-tuxcare.4 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:9b7c2691-d2d3-58f0-b7d8-fd2182f74744", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.27-tuxcare.4 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:97c16139-c490-5f1b-91bd-7d4490b67698", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.27-tuxcare.4 of org.springframework:spring-webflux. already_fixed \u2014 The target repository (Spring Framework 5.3.27-tuxcare.5) already contains the fix for CVE-2026-41840. The vulnerability was previously addressed through backport commits for CVE-2026-22740, which applied the identical doOnDiscard cleanup logic to prevent resource exhaustion from multipart request processing." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:4a36ac4b-479d-5a66-bbac-b4983032be77", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.27-tuxcare.4 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:3e8db9fe-341a-5238-aa20-3b488132847d", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.27-tuxcare.4 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c9de0371-fe28-5cb5-ad1d-1e9e5e47ad7c", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.27-tuxcare.4 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:6d34c260-dc93-51ca-817f-815bef12700a", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.27-tuxcare.4 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:937ff97c-b9ad-55d9-95bf-c04627b1c8e8", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.27-tuxcare.4 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:6ba044c6-7ae1-5776-82e5-34571dde905f", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.27-tuxcare.4 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:bf2ab6f6-5b30-5099-a56d-be5cf24c4e21", "id": "CVE-2026-41847", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41847 does not affect version 5.3.27-tuxcare.4 of org.springframework:spring-webflux. already_fixed \u2014 The target repository (Spring Framework 5.3.27-tuxcare.5) already contains the fix for CVE-2026-41847. The upstream commit 07ba95739bf4451742e4ee6b4d4b2d0ee5f701bf is present in the current branch, and source code inspection confirms the vulnerability has been patched." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:87570519-cf44-54a9-a8a0-b35b29d431b5", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.27-tuxcare.4 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a125bd66-06e9-58ba-998d-59d16ae65d4d", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.27-tuxcare.4 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a1006052-e670-5f9a-a6cc-ab28dee98aab", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.27-tuxcare.4 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:956d8689-4bbb-5211-8e97-d5cfe81dcd48", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.27-tuxcare.4 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:2a4aa02b-4f88-57fc-9108-6d1d0de63b57", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.27-tuxcare.4 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:037a8d64-ce4a-559d-9f95-d374c60628ad", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.27-tuxcare.4 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.27-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:210a7a09-c387-5049-bcd4-0110acfc6422", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.27-tuxcare.4 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.27-tuxcare.4" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.27-tuxcare.4" } ] }