{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:1dd23172-08bc-5395-98a2-0f452414445e", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-webflux@5.3.29-tuxcare.4", "type": "library", "group": "org.springframework", "name": "spring-webflux", "version": "5.3.29-tuxcare.4", "purl": "pkg:maven/org.springframework/spring-webflux@5.3.29-tuxcare.4" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:8276edec-8d86-5bbc-ad1e-673c1ce38217", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.29-tuxcare.4 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:fabbf3c1-07da-580a-ba0c-ba3b27892085", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.29-tuxcare.4 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c6abb7b3-0bfa-5f82-aea3-99ca368c8ddf", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.29-tuxcare.4 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:2cbb928d-606a-500f-9381-9141f20624e3", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.29-tuxcare.4 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c292c489-b1ac-51b1-9775-1c322993930a", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.29-tuxcare.4 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:39604aeb-85d3-5087-b95e-365f2fafdf53", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.29-tuxcare.4 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:8128cee6-fefc-595e-82f8-8e64f133e756", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.29-tuxcare.4 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b95e2586-037f-54a6-bd39-61b283089e0d", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.29-tuxcare.4 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:67e6e11b-14cb-57e8-9a79-829c1b2fad37", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.29-tuxcare.4 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a1321814-7e14-5f16-9419-5e6bd841e746", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.29-tuxcare.4 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:7a04de09-0beb-5714-8a44-3eb09fa30580", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.29-tuxcare.4 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:6c5d80d4-ad63-5248-aed7-cf8ec9bc8ade", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-webflux 5.3.29-tuxcare.4." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:cb979b41-266f-5688-b71c-1c77a8b00b21", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.29-tuxcare.4 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:fbc57891-8d5f-5ad5-bc66-19bdf545a96b", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.29-tuxcare.4 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:48de7690-2748-5672-97b0-1a7c472be003", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.29-tuxcare.4 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:109d655f-51c9-597e-98b6-c2c06ef73522", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.29-tuxcare.4 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:027cbecd-47f4-5aaa-bfd9-748b05ff90f7", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.29-tuxcare.4 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:c4f3459f-2250-536e-8ef4-90525f53e4d1", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.29-tuxcare.4 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:f99a0651-bb3d-505e-a913-6436798fd471", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.29-tuxcare.4 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a99479dc-3de9-5672-9b69-731589243cb6", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.29-tuxcare.4 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:fd8aaf52-6e13-5da6-aec4-61d591b2a8e8", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.29-tuxcare.4 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d3b68faf-5818-55cf-810f-2b9e51f3f704", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.29-tuxcare.4 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ee9368ec-ef30-53b0-9849-9490bbd4b6fa", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.29-tuxcare.4 of org.springframework:spring-webflux. already_fixed \u2014 The target repository (Spring Framework 5.3.29-tuxcare.4) already contains the complete fix for CVE-2026-41840. The fix was applied on 2026-05-19 as part of a TuxCare backport for CVE-2026-22740 (commit bc0026ae70c), which addresses the same multipart request DoS vulnerability with identical code changes." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:95a7aba6-488f-5d2a-8d7e-84584c56c71f", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.29-tuxcare.4 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:aadaf27c-619a-5e31-b907-d0a1f25d038a", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.29-tuxcare.4 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:9e6bfade-8d83-5260-89cf-5aeebfa690bd", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.29-tuxcare.4 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:b1d2e698-39f5-5e46-851c-32e8d7738838", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.29-tuxcare.4 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:4764df20-02f3-58f1-a9d4-78ea8e778cf5", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.29-tuxcare.4 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:191aa74c-c0aa-5029-957d-cbc6bc5f311e", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.29-tuxcare.4 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:01e4bfbd-7ef2-5f83-9967-2891ea133935", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.29-tuxcare.4 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:8f0678e1-42fa-51e9-84a9-50b9864ffd64", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.29-tuxcare.4 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:ba3c529b-6f27-5ec4-ae2a-3bffbeae6b5c", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.29-tuxcare.4 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:5082368a-8665-5a0e-b8ce-427ef14a8e81", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.29-tuxcare.4 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:cb45b62f-0310-595a-bdcb-1e373ee20d38", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.29-tuxcare.4 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:0fe81d4b-1a14-560d-8c33-97e665906e0b", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.29-tuxcare.4 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:d99f97b0-3973-5c4c-950e-9d9fbb1156a9", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.29-tuxcare.4 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.29-tuxcare.4" } ] }, { "bom-ref": "urn:uuid:a500f825-dbb7-5b20-874b-3dfdfd46ecba", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.29-tuxcare.4 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.29-tuxcare.4" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.29-tuxcare.4" } ] }