{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:4781d709-f8f5-5867-86c7-bed1c78d64c3", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-webflux@5.3.29-tuxcare.2", "type": "library", "group": "org.springframework", "name": "spring-webflux", "version": "5.3.29-tuxcare.2", "purl": "pkg:maven/org.springframework/spring-webflux@5.3.29-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:45c38cd1-30b3-5387-a1d3-b9703626e5b8", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.29-tuxcare.2 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2d6edfd1-0619-560b-82c5-46a1ae473316", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.29-tuxcare.2 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f99ce023-606c-5868-9adb-0fb6463643e5", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.29-tuxcare.2 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a0464ca5-67df-5166-b7c9-013013d1b2a8", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 5.3.29-tuxcare.2 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:89d08684-e18f-5622-8e37-dc0c931a61ad", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 5.3.29-tuxcare.2 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4a7c9ca6-3b3a-5e2f-bfa3-9efd3026e3bd", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.29-tuxcare.2 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ab5c487b-9ee5-5605-87b4-b4caadf2d3e2", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.29-tuxcare.2 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:dc74a61b-178e-52d4-aa6d-7bcbb2bd2667", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.3.29-tuxcare.2 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9b89ba4a-780d-547e-a5f4-58db167ecb85", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.29-tuxcare.2 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e0fe03b7-d120-5e1a-8a5c-e91534cfe6b0", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.29-tuxcare.2 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b6d267a5-8ea8-52cd-b0f9-a40ecbb5b862", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.29-tuxcare.2 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2496ead8-c6c5-5327-a609-ea42cadf756e", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-webflux 5.3.29-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2afc218f-18b8-58f0-8074-538666fb832e", "id": "CVE-2025-41242", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41242 affects version 5.3.29-tuxcare.2 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3b6f25d9-2a13-5c51-8608-66e6a777a64f", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.3.29-tuxcare.2 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8cc72d13-5f8a-5afc-8e7b-6ff3582bae1d", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 5.3.29-tuxcare.2 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a1659ba8-7919-590b-b507-d41b0eb5eb4d", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.29-tuxcare.2 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b5727d28-2cd1-565b-9697-d235e6256b67", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.29-tuxcare.2 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8791fd97-e060-59f3-a1a0-201e49f4139d", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.3.29-tuxcare.2 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:83c26127-a89b-5600-871d-c9716e540255", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.29-tuxcare.2 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9791cae6-9a8c-5323-906e-7272fe27725d", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.29-tuxcare.2 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2a29ae53-9dae-54ba-8d5d-1a1b05ca0206", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.29-tuxcare.2 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d0c58549-7f6d-51ab-a632-88c134d15dbb", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.29-tuxcare.2 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b068fd60-dc94-54a3-817e-8d77a7d475cb", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.29-tuxcare.2 of org.springframework:spring-webflux. already_fixed \u2014 The target repository (Spring Framework 5.3.29-tuxcare.4) already contains the complete fix for CVE-2026-41840. The fix was applied on 2026-05-19 as part of a TuxCare backport for CVE-2026-22740 (commit bc0026ae70c), which addresses the same multipart request DoS vulnerability with identical code changes." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fc2c2c57-f075-5560-9b26-99e02fb4c026", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.29-tuxcare.2 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c29f17ad-2e75-58f1-b8c7-4f0db1d155ee", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.29-tuxcare.2 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4b54b4c1-89f7-52e3-aba2-2fb77090f511", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.29-tuxcare.2 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fdc2cc42-d151-523a-876d-f7fa61b8d597", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.29-tuxcare.2 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c469664e-6a29-5267-9b8e-6872a56453d7", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.29-tuxcare.2 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:95556545-397e-57bb-83d3-8ba7b5074962", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.29-tuxcare.2 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a372e0cf-ed25-5f1a-b474-8e58bf1076c1", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.29-tuxcare.2 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:11b94803-91d8-508a-b5c9-a3c736cec2e6", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.29-tuxcare.2 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:001a2124-34a4-5722-8ec3-560b0e45202f", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.29-tuxcare.2 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:740432a6-3092-5520-a6c2-39028ffae738", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.29-tuxcare.2 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a2419aa0-c75c-504d-a6c8-8a3d02561887", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.29-tuxcare.2 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:038aea31-b998-5254-9e40-699b554a3bd6", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.29-tuxcare.2 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b0831856-7cc2-5e93-9ad7-87c5a7e486bf", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.29-tuxcare.2 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.29-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:23519f4e-3576-5048-a509-d8b175329834", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.29-tuxcare.2 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.29-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.29-tuxcare.2" } ] }