{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:bbe05279-9e85-52a4-98ca-33abdf713641", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.30-tuxcare.2", "type": "library", "group": "org.springframework", "name": "spring-r2dbc", "version": "5.3.30-tuxcare.2", "purl": "pkg:maven/org.springframework/spring-r2dbc@5.3.30-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:23c01e24-c47c-5808-8236-660208e150d9", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.30-tuxcare.2 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1830e70a-cb34-5c82-a1b1-7a1ce9a31e1d", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.30-tuxcare.2 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6b4f1a1f-48db-5833-8a38-d6ba00b90da1", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.30-tuxcare.2 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0763c9a2-3724-5ca9-a153-7e8fcd140ade", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.30-tuxcare.2 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4dc98904-f296-52ef-8589-01111ab3056b", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.30-tuxcare.2 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fc2c5763-93fb-5576-b8c5-bf16c9f8c28a", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.30-tuxcare.2 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:862f758c-93ed-541d-8b41-d34eb06dd553", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.30-tuxcare.2 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:67de85c8-5ab8-5801-ae12-0f4a99fa94dc", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.30-tuxcare.2 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f50cbb8e-5022-5309-ac59-f464cb20dd57", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.30-tuxcare.2 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:40d66579-ac0a-5357-b47e-e24465879607", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.30-tuxcare.2 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:828a24aa-5ddb-502f-bea9-8aa14d29b526", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.30-tuxcare.2 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:81bc7d78-a35b-559b-a926-8031390322db", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.30-tuxcare.2 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:82cc4937-8b05-5c93-ad3b-a1ab807bd509", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.30-tuxcare.2 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ab74e166-f790-5353-8de3-3dd544b7899b", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.30-tuxcare.2 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:362b019b-71a6-5ec2-bf92-e3cd743bccae", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 5.3.30-tuxcare.2 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:29b08233-1e2d-5de5-b8e5-1e0048eb6a75", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 5.3.30-tuxcare.2 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:772f4a18-1a39-5c13-90bf-e14a9f20d1dd", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.30-tuxcare.2 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a1c4bb6a-25af-538a-8ec5-edaeafb8c6a4", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.30-tuxcare.2 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:93a94632-61bd-556c-90d5-a72c98a2cc4e", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.3.30-tuxcare.2 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e9bfde21-d797-57b0-a294-594401e4bbe9", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.30-tuxcare.2 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:232fa8c2-f342-59e3-877d-b30779cd5f83", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.30-tuxcare.2 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:61c87c9c-4011-537e-b306-afb3e22451fa", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.30-tuxcare.2 of org.springframework:spring-r2dbc. already_fixed \u2014 The target repository Spring Framework 5.3.30-tuxcare.3 already contains both fixes for CVE-2026-41840. The identical patches were previously backported by TuxCare as part of CVE-2026-22740 (commits 1a619adbfb and ee9443b0bc, merged May 2026). Both doOnDiscard handlers are present in the current code: PartGenerator.java releases data buffers on discard, and MultipartHttpMessageReader.java delet..." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4224ee26-1222-56cb-befa-b8440764d8ae", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.30-tuxcare.2 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7e75441f-6035-5d42-8853-262cda81bacd", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.30-tuxcare.2 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ab763562-fd46-5d02-b1ae-0d50a71a3c2e", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.30-tuxcare.2 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fac01119-7af0-5ffe-b3d6-9ba16d5df234", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.30-tuxcare.2 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fd074e87-7a23-5557-9651-202ee7d0da4d", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.30-tuxcare.2 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:71668514-e3ea-5883-a6d1-020b6e33d70c", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.30-tuxcare.2 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:77dc394b-9492-5a11-b78c-8d55bc3b07cc", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.30-tuxcare.2 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0357729e-deeb-5813-b8db-aa4f15105641", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.30-tuxcare.2 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:cea50c5f-8d08-5298-b1c2-fa657ed37d57", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.30-tuxcare.2 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a91a2bbc-c76c-559c-9b32-dd148cc6f0c8", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.30-tuxcare.2 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ea54240f-caea-54b9-aa7f-87fef8049ef3", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.30-tuxcare.2 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2f80b10d-cc57-53ac-8571-6582efd6f87e", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.30-tuxcare.2 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:06b1edf2-11c1-536a-b6ab-878eea0eb272", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.30-tuxcare.2 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.30-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a724dc84-070f-533a-8b51-ef8025ad4ea5", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.30-tuxcare.2 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.30-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.30-tuxcare.2" } ] }