{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:f7f6cd61-682a-5777-8564-69a733621cd5", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-webflux@5.3.31-tuxcare.3", "type": "library", "group": "org.springframework", "name": "spring-webflux", "version": "5.3.31-tuxcare.3", "purl": "pkg:maven/org.springframework/spring-webflux@5.3.31-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:bb559d24-2707-5bb4-9fe4-7cb043c3fb69", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.31-tuxcare.3 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:68dd21c8-5989-5cd6-b7f1-29a19a75d285", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:0274bb12-b2df-5b13-b279-63b0840251b8", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:06c8ef47-22c8-548d-b9aa-59ae06f538d6", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:263c9dfc-1bd8-54e1-8dc6-8791bb816262", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e92f5cef-dd3d-56dd-bd05-7221a6aba735", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:fc86f59e-61b2-521c-88bb-bb9e09353024", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1166a751-dac3-5084-8a06-7ca482c3cfb6", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d273aeaf-89f1-58c1-92d8-fc6d95c5eefa", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ca9c1ec1-98d2-592e-8319-ad545343d6bc", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ba3449e8-91d6-51dd-896a-83a3bd4383cd", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8c2f0d37-9e87-5ac6-8c75-4d770328b6fe", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-webflux 5.3.31-tuxcare.3." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:03ee2271-9f6d-5ff5-ae9d-f21f71cc21f5", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b77509c9-c5f2-5729-ad0c-954b797c7a18", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e8ebb5de-4d1c-5fd4-8557-b30f23775f66", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:731c69dd-7258-59fe-b2aa-a572be3daf25", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.31-tuxcare.3 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:38c84af0-ed96-5d8f-971b-23ce28b3bc3f", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.31-tuxcare.3 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:89389a4e-ec22-5f67-85e1-e5745373fd40", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.31-tuxcare.3 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d991f0f8-9b57-50f9-b429-b76ccbbdfa40", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.31-tuxcare.3 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d93a6562-ab9f-5dc9-93a7-0e069acca9e8", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.31-tuxcare.3 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e9bb6b9f-d483-59c9-96a2-cc040ea089c4", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.31-tuxcare.3 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2ea2a7a7-bb26-58f8-be8b-ffe412b52111", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.31-tuxcare.3 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:83382a23-8634-5e69-953c-26f6e3e86d32", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.31-tuxcare.3 of org.springframework:spring-webflux. already_fixed \u2014 The target repository (Spring Framework 5.3.31-tuxcare.3) already contains the complete fix for CVE-2026-41840. Both required doOnDiscard handlers were applied via commit 615477c88f (labeled as CVE-2026-22740 backport) merged on May 4, 2026. The code changes are byte-for-byte identical to the upstream patches." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:29b259cd-12e7-5584-bc57-26a25d635173", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.31-tuxcare.3 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4f77d3dd-db38-5ac8-896e-0052523f6632", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.31-tuxcare.3 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4508c8c1-5133-5be8-bce1-931ef51ab522", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.31-tuxcare.3 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:0b4af2b3-6fa4-5b13-8a9f-1b8a78c1e649", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.31-tuxcare.3 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:53b94b0f-b9d9-5ae6-9c6c-926488d2166b", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.31-tuxcare.3 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b4deaf02-9143-5ef2-b49b-e37d1ba0bee8", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.31-tuxcare.3 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:607da291-28e4-55d5-8624-a2cbd624684e", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.31-tuxcare.3 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1ac7b206-47bd-5bfc-a0e7-6ea6e74b7eaf", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.31-tuxcare.3 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3b034d08-6b11-5220-acad-ddd4d83d53b2", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.31-tuxcare.3 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3b0af17d-b2e6-5afb-a0bc-50d406631aaa", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.31-tuxcare.3 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ed0ccb74-539f-5e8d-97d9-283544187a30", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.31-tuxcare.3 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:bc67cda8-50ac-5170-be66-93928d2b4929", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.31-tuxcare.3 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:bd509074-e727-5563-97ff-579e49cf6e43", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.31-tuxcare.3 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.31-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c9c16212-32d8-5626-83be-dcfb22b26d85", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.31-tuxcare.3 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.31-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.31-tuxcare.3" } ] }