{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:dc285bd6-8233-514a-b6bc-494addbe84dd", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-webflux@6.1.21-tuxcare.5", "type": "library", "group": "org.springframework", "name": "spring-webflux", "version": "6.1.21-tuxcare.5", "purl": "pkg:maven/org.springframework/spring-webflux@6.1.21-tuxcare.5" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:c40aae7f-5b85-5dc4-a61f-19ed01363483", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 6.1.21-tuxcare.5 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@6.1.21-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:8cb315a3-5850-59a8-9eea-b62ed0da5596", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 6.1.21-tuxcare.5 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@6.1.21-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:566ef506-f1af-5393-8cec-6bd9b869ca44", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 6.1.21-tuxcare.5 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@6.1.21-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:d1da30cc-d90e-5abf-81bb-c21bede7bc46", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 6.1.21-tuxcare.5 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@6.1.21-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:3536a24a-fa8d-5f0f-b218-7bbb395e57d3", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 6.1.21-tuxcare.5 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@6.1.21-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:b8caf29d-bbbf-5a42-b5d9-641662b1c771", "id": "CVE-2026-22737", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22737 is fixed in version 6.1.21-tuxcare.5 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@6.1.21-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:5cdebb40-3c71-554e-8c55-d2e49346d64a", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 6.1.21-tuxcare.5 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@6.1.21-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:73a93e22-5018-562d-bf84-fd4a9980fc1f", "id": "CVE-2026-22741", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22741 is fixed in version 6.1.21-tuxcare.5 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@6.1.21-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:7b1c557a-4633-5d68-b8f2-287f7c35f69e", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 6.1.21-tuxcare.5 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@6.1.21-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:90bc617c-e304-59c9-be29-f6bfbd459205", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 6.1.21-tuxcare.5 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@6.1.21-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:403fe2b2-1490-5a1c-979e-fd3af7b6d514", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 6.1.21-tuxcare.5 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@6.1.21-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:210ebed9-13a7-5a7a-a0fb-f1e90bc7a2e8", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 6.1.21-tuxcare.5 of org.springframework:spring-webflux. already_fixed \u2014 The target repository (Spring Framework 6.1.21-tuxcare.6) already contains both upstream patches that address CVE-2026-41840. The fixes were previously applied as part of TuxCare backports for CVE-2026-22740 (commit d8aa04a97f, 2026-06-08) and memory leak fixes (commit e7c90921fd, 2026-04-29). Both doOnDiscard handlers are present in the current code, preventing resource exhaustion from multipa..." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@6.1.21-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:d12b9eb9-248d-53b0-a894-739f37272d4c", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 6.1.21-tuxcare.5 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@6.1.21-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:1ebb678e-041f-5f59-a51f-c0739f661530", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 6.1.21-tuxcare.5 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@6.1.21-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:b57f2754-104e-5878-a1ca-89ffb0bc4388", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 6.1.21-tuxcare.5 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@6.1.21-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:3adcc4fd-8e13-536e-90b1-d2729108a944", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 6.1.21-tuxcare.5 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@6.1.21-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:db62942d-68b5-5417-8b5f-add3d8f32f12", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 6.1.21-tuxcare.5 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@6.1.21-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:eef82d98-eb34-52f6-8ca5-e6497f938df9", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 6.1.21-tuxcare.5 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@6.1.21-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:dfdb13e5-3cc6-5bc0-a107-6f5642cbc333", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 6.1.21-tuxcare.5 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@6.1.21-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:4c67943e-25be-572d-8fbb-8a0bc3bd3175", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 6.1.21-tuxcare.5 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@6.1.21-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:7993e103-533f-5022-940f-2c7c134e5f4a", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 6.1.21-tuxcare.5 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@6.1.21-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:7a88591f-351d-5094-9008-fdda4411dbae", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 6.1.21-tuxcare.5 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@6.1.21-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:04d60949-ba5a-5d95-8c5d-095f9fe2ad17", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 6.1.21-tuxcare.5 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@6.1.21-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:4e93fcf4-da06-59bc-b1e9-0f9428c419ff", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 6.1.21-tuxcare.5 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@6.1.21-tuxcare.5" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-webflux@6.1.21-tuxcare.5" } ] }