{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:024466e4-5ccc-557c-bee9-b82027066d3b", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.30-tuxcare.3", "type": "library", "group": "org.springframework", "name": "spring-r2dbc", "version": "5.3.30-tuxcare.3", "purl": "pkg:maven/org.springframework/spring-r2dbc@5.3.30-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:ac3a8213-47ab-5a72-97ed-931521722d4d", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.30-tuxcare.3 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:26ce0f5e-914d-54d6-ac49-5e5a6264030d", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d957c605-1d19-55b8-8534-929328fee3a6", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3efcc09e-ff59-5fbb-8c96-bbc3cf565145", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:98418ad6-d78f-557e-8ee3-9f741833516a", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:bd3c221e-47f1-5ff6-a651-002525790a3c", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6dad3fd7-3373-5c2a-a2a7-7fad4ff32b9a", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:0f37b45d-141c-500e-bf57-3fe0e767b068", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8d732abe-1fc8-5187-9a26-405ea742efad", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ca43d826-fd88-5c64-af9c-b6b68363c1ad", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:fcd8d07c-9c9e-5c0b-9a2a-785e636d92b6", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d7c06498-94c4-521e-b94d-ab9b45807b49", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:eaa1b36b-26a1-58df-9241-935d940e87f8", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c8e8ccf2-ced1-5342-8bcc-22e157ca413c", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b9eb0270-0b14-555d-8bb0-1f30d07c6ea9", "id": "CVE-2026-22735", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22735 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:31b547cd-27dd-5057-b856-3e0feb0be34f", "id": "CVE-2026-22737", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22737 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9a91bfc3-6284-5b53-9f06-de0f0030b984", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4d1fff87-5107-5427-b61e-4c3ca0e894a9", "id": "CVE-2026-22741", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22741 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:50f93496-51fd-5496-b4c3-6ffec0fe4c06", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6e1281aa-5a88-50c0-9b9f-6309375db9e3", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.30-tuxcare.3 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e7c15f9d-acf8-5624-9402-7c787cad82ec", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.30-tuxcare.3 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8a6bcd00-9399-5cff-b7ba-e0394a3aa2e8", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.30-tuxcare.3 of org.springframework:spring-r2dbc. already_fixed \u2014 The target repository Spring Framework 5.3.30-tuxcare.3 already contains both fixes for CVE-2026-41840. The identical patches were previously backported by TuxCare as part of CVE-2026-22740 (commits 1a619adbfb and ee9443b0bc, merged May 2026). Both doOnDiscard handlers are present in the current code: PartGenerator.java releases data buffers on discard, and MultipartHttpMessageReader.java delet..." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a38fc7b5-168c-5d8c-8021-e4150e3835c6", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.30-tuxcare.3 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:7655b62d-98a5-5f49-a87e-f454dbd803d4", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.30-tuxcare.3 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8969553d-ad98-5aec-8df0-6ff205482512", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.30-tuxcare.3 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:4ecde01e-cfcd-56fb-8c6f-79e6f5196c5f", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.30-tuxcare.3 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:696f7e39-edcc-597d-a88f-a3347ee947e5", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.30-tuxcare.3 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b5e1eda8-704b-5330-964b-65d2fbddc278", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.30-tuxcare.3 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:88b74f1a-7352-58fd-8307-63cddcf16813", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.30-tuxcare.3 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ca26daad-b4d4-5148-9cb4-bbb7ba674a3e", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.30-tuxcare.3 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9ea0a96e-dd3e-5b41-a3c5-5654adc1d83c", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.30-tuxcare.3 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:43cf2d86-e292-5e83-9f80-bf8a737171d2", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.30-tuxcare.3 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ff0ea46c-c0fd-5d06-95c2-a65572855088", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.30-tuxcare.3 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:95ef41e7-ba02-56f4-9071-14692364ffea", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.30-tuxcare.3 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:55a06928-eac2-57e4-81c3-e8cc05bfab6c", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.30-tuxcare.3 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:eb705874-11ce-569c-bf8c-4931d1838855", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.30-tuxcare.3 of org.springframework:spring-r2dbc." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.30-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-r2dbc@5.3.30-tuxcare.3" } ] }