{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:37b1a52e-2601-5613-9f50-5f438b1a582c", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-webflux@6.1.21-tuxcare.3", "type": "library", "group": "org.springframework", "name": "spring-webflux", "version": "6.1.21-tuxcare.3", "purl": "pkg:maven/org.springframework/spring-webflux@6.1.21-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:79bea55d-2631-5408-ae02-03493a5b440b", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 6.1.21-tuxcare.3 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@6.1.21-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5921adcc-556f-5a8c-a43d-6c604f8a8f6a", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 6.1.21-tuxcare.3 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@6.1.21-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:08cd55a4-d627-5b4f-848d-9faac3c28a31", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 6.1.21-tuxcare.3 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@6.1.21-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:0939b29a-c1d5-5b03-a0b3-3e6b3436466b", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 6.1.21-tuxcare.3 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@6.1.21-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c558d086-1588-5177-84ba-37c9eaa17ec0", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 6.1.21-tuxcare.3 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@6.1.21-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:0e1deec1-13b3-5f28-aad0-8de2158f8747", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 6.1.21-tuxcare.3 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@6.1.21-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b4138f8d-928d-5ef1-a32f-3a1e34cc8aee", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 6.1.21-tuxcare.3 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@6.1.21-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:bc633cab-4900-54dd-872d-c00114f435a0", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 6.1.21-tuxcare.3 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@6.1.21-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a9eb2d4e-b71f-5e0b-9594-9558efd14736", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 6.1.21-tuxcare.3 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@6.1.21-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:90c64109-aa71-572e-8762-8de08243ba3b", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 6.1.21-tuxcare.3 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@6.1.21-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:dc0f4da5-7b0e-5e2d-8b1c-e3a61cac5ac4", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 6.1.21-tuxcare.3 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@6.1.21-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:5798bdc1-1dd1-5668-bca1-e6e426a2c251", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 6.1.21-tuxcare.3 of org.springframework:spring-webflux. already_fixed \u2014 The target repository (Spring Framework 6.1.21-tuxcare.6) already contains both upstream patches that address CVE-2026-41840. The fixes were previously applied as part of TuxCare backports for CVE-2026-22740 (commit d8aa04a97f, 2026-06-08) and memory leak fixes (commit e7c90921fd, 2026-04-29). Both doOnDiscard handlers are present in the current code, preventing resource exhaustion from multipa..." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@6.1.21-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b5bf0687-92ba-55bb-b98c-ac5757e163c6", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 6.1.21-tuxcare.3 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@6.1.21-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ca07f005-c65d-5c58-82b5-80ce0e531d0c", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 6.1.21-tuxcare.3 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@6.1.21-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4562146e-3191-579c-85b0-e47f7a48ce34", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 6.1.21-tuxcare.3 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@6.1.21-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a7cf0ce7-b1d0-55ce-8a79-3ef43fce7cde", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 6.1.21-tuxcare.3 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@6.1.21-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:00217ae2-2819-5d35-b3f3-8288b1a0a9a8", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 6.1.21-tuxcare.3 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@6.1.21-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:340db389-e4e6-5f43-a095-551057e4d946", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 6.1.21-tuxcare.3 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@6.1.21-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d605255b-390f-52f9-ad01-708bca0163b2", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 6.1.21-tuxcare.3 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@6.1.21-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8ec5fe2c-203c-536a-969f-82e7231c84c2", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 6.1.21-tuxcare.3 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@6.1.21-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c6b972d9-a10d-54fb-ad60-5e7b7139e1e9", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 6.1.21-tuxcare.3 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@6.1.21-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:874c4ab9-95e8-51c8-b427-e69e00d2e848", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 6.1.21-tuxcare.3 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@6.1.21-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:2a536cff-4e9c-53d4-a426-925d059676af", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 6.1.21-tuxcare.3 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@6.1.21-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c87890a9-7d4d-503a-b940-44c1f9ac66fe", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 6.1.21-tuxcare.3 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@6.1.21-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-webflux@6.1.21-tuxcare.3" } ] }