{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:d145585a-7559-5048-83a9-6fd16170d760", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-webflux@5.3.31-tuxcare.1", "type": "library", "group": "org.springframework", "name": "spring-webflux", "version": "5.3.31-tuxcare.1", "purl": "pkg:maven/org.springframework/spring-webflux@5.3.31-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:72d92fd0-7f31-5bb8-9109-09ffc6cca53e", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.31-tuxcare.1 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:41e5c443-bded-5970-a1c1-add207d35bbd", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.31-tuxcare.1 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:bd6de3f3-f18f-5d9a-8ff0-a3617e878006", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.31-tuxcare.1 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a8fce007-cd3e-5c7f-877d-6a3ab737213c", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.31-tuxcare.1 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5cef05d3-7d9b-5b50-9a15-f79ca506b014", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.31-tuxcare.1 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e8662a46-3505-5e1b-8fd9-59dacae33731", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.31-tuxcare.1 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c4a91126-69f1-5583-8fee-9f60ec8fdf2c", "id": "CVE-2024-38816", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38816 affects version 5.3.31-tuxcare.1 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ba79431a-3ed7-5930-8229-63601f06aa79", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.31-tuxcare.1 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:47977567-cfab-55a6-b8ad-da5358356252", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.31-tuxcare.1 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a1c934d0-d186-5aa4-ae53-61ca5d729518", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.31-tuxcare.1 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d93b955c-7410-5a55-9fc1-556ebf1070ae", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 5.3.31-tuxcare.1 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8b2be716-8dcd-5f25-b57a-507c66918107", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-webflux 5.3.31-tuxcare.1." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fd2b7426-9591-56c2-bb48-032b7e1f3782", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.31-tuxcare.1 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e1cad872-fe57-57f3-ad1c-e1cae7862fa7", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.31-tuxcare.1 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:16903deb-31d0-5ac3-adbc-690064248558", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.31-tuxcare.1 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7e7bfa35-f46f-5c6d-a111-b117f68da66e", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.31-tuxcare.1 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b35a4bcd-6010-56ba-849c-4accb7a1c465", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.31-tuxcare.1 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:85e75534-d08e-59c7-b636-fe9306d77e27", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.3.31-tuxcare.1 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a6642585-b3c8-57c4-b43b-c669e587cbd6", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.31-tuxcare.1 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d8c75232-7d61-55d7-9248-27016ad7a237", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.31-tuxcare.1 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:27b446bf-8aae-5366-8d2c-9c4a9f0378c4", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.31-tuxcare.1 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:67789e14-bd57-5b8e-b3d0-35badb825379", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.31-tuxcare.1 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c2183fa6-d157-54ed-9633-08b869589aef", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.31-tuxcare.1 of org.springframework:spring-webflux. already_fixed \u2014 The target repository (Spring Framework 5.3.31-tuxcare.3) already contains the complete fix for CVE-2026-41840. Both required doOnDiscard handlers were applied via commit 615477c88f (labeled as CVE-2026-22740 backport) merged on May 4, 2026. The code changes are byte-for-byte identical to the upstream patches." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c14637d6-f4c2-533b-b677-21bb1e691e2b", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.31-tuxcare.1 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b431dec9-f4ae-59dd-8977-88a944756852", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.31-tuxcare.1 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:47fdfd89-6f4b-5e51-a2c8-b98b683072c7", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.31-tuxcare.1 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9f5b83f4-689f-5153-b0dc-fef848fcdc90", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.31-tuxcare.1 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:dbdce50b-04a8-5334-96a0-3bf8d27de7b3", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.31-tuxcare.1 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fb2ebc96-3436-5f95-b984-104baa42a4fc", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.31-tuxcare.1 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:df46a43d-44ca-5df3-8293-2c71b17a2cb5", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.31-tuxcare.1 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:90f5975e-d45d-5d7d-80a8-b8445c9ef560", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.31-tuxcare.1 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:282018db-ee2e-5923-85ba-3f316b1aea6c", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.31-tuxcare.1 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e2bcf106-5cd3-5576-9a3f-77d2afd98b86", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.31-tuxcare.1 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:dbd06dff-f2c4-58aa-96b8-4dff8879849a", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.31-tuxcare.1 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7af7ecba-1426-54b0-8206-2b9fc0f11390", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.31-tuxcare.1 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7f48ed7d-edd4-58a8-a37f-219a316c4b84", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.31-tuxcare.1 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.31-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:98e1b6fa-4bbc-59d8-9602-12d379f0f939", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.31-tuxcare.1 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.31-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.31-tuxcare.1" } ] }