{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:ab1f7629-12ef-5b64-87c7-6de62593d125", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-webflux@5.1.20.RELEASE-tuxcare.2", "type": "library", "group": "org.springframework", "name": "spring-webflux", "version": "5.1.20.RELEASE-tuxcare.2", "purl": "pkg:maven/org.springframework/spring-webflux@5.1.20.RELEASE-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:be6b31cd-4bc6-586e-88e9-7bc3e2493d1a", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e0e7aa89-eb1d-5e51-80e1-cd61a0b8f54a", "id": "CVE-2020-5421", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5421 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5334ab8d-c54f-5074-b046-7f24612d9f0e", "id": "CVE-2021-22096", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22096 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b10d7dd9-45cd-5b88-9242-62d8c7fc71b8", "id": "CVE-2021-22118", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-22118 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:dec36992-9f14-5379-99c1-291822681ee1", "id": "CVE-2022-22950", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22950 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:41a21fd4-011a-5ab5-9e4d-9f6411feacd8", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a5ae4df0-77be-5d5f-92fe-b1be275aa188", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2ce84fb2-215d-5f80-ab35-0a52347b8141", "id": "CVE-2022-22970", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22970 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fbff8ff5-daac-5b4d-a769-9d4422440eb6", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4bbd6f69-5b4e-5a81-b64c-1ae998eceb03", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0665818b-7921-5e02-80fb-fb710869bc58", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9d08e0b4-47b9-5a8f-90f8-f2bef8e1a2d7", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:22f5fff5-d0a0-54cf-a73e-6b3f73f0879c", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:73787018-1056-5860-be61-ab5c2d8cb48a", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fc1ed8e8-27e6-585d-948e-9d1b8f1981a5", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d12842e5-8a89-5a84-9958-d37fe6df752c", "id": "CVE-2024-38809", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2024-38809 is a false positive for org.springframework:spring-webflux 5.1.20.RELEASE-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d9937ff9-7951-5f87-a46a-7e35999b7c9d", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c4930df0-1b65-5124-884e-5230b3a89877", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:cb006138-4938-55b5-b845-36eca26f0a71", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:53c0fee5-3f3e-5ee1-8b99-e3827756a14c", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:177f11ee-e444-5bbe-b89a-ce8f539d7d35", "id": "CVE-2025-41249", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41249 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6c0c8331-da9a-5b3f-850a-57151880c412", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b5eba860-970f-5277-9e25-1a2503a1f102", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:19ab0837-1ed7-5814-aefa-5e98052b4d2c", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6b9ed07a-003e-5528-98d0-e73ef3862ec4", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9973d0a8-22e9-5990-9e9d-c0853e8a3678", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:dd1e20a6-fe0b-563b-b52a-356c46811f54", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7a1e64bf-4363-5f03-b5c1-7f9681bf1fdd", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-webflux. not_affected \u2014 Spring Framework version 5.1.20.RELEASE-tuxcare.2 is NOT affected by CVE-2026-41840. The target predates the vulnerable architecture (PartGenerator/MultipartParser) introduced in Spring 5.3.0 and uses a fundamentally different multipart parsing implementation (Synchronoss NIO Multipart library)." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:166e8b0f-ea55-569e-a7ca-499e9c6ac9ac", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ebe828be-ba9e-57d2-b37a-12496f4607cd", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:acd4b88b-aff2-5cca-854b-5ff75cd07578", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1c0b901f-e247-5e70-bb71-3797afa906b8", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:df77457a-41c7-55f6-a100-9afdfece67ea", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e1a6f897-61f2-5f26-afab-91cbd95a68bd", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d93ac11f-55f8-5e70-8731-a90bd6487463", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9da85441-aefe-5893-bd5a-e66747e4eb01", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:405d05f7-b246-5527-b1f8-bd54de5739ab", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1596de4c-f483-54dc-9379-449acc155694", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fe1b8ac4-9c80-5c79-b304-030c64b3621d", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a3a2b4fe-a906-565c-a603-99f10d3ad527", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a6aff715-2774-5ddf-9bd0-92c10cd68225", "id": "CVE-2026-41853", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41853 does not affect version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-webflux. not_affected \u2014 Spring Framework version 5.1.20 is not affected by CVE-2026-41853. The vulnerability affects versions 5.3.0 and later, where a new native multipart parser (DefaultPartHttpMessageReader) was introduced. Version 5.1.20 uses different multipart parsing implementations that do not contain the vulnerable code." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.1.20.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7e8ec9b9-98d1-5b34-bc05-9901cbc8a086", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.1.20.RELEASE-tuxcare.2 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.1.20.RELEASE-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.1.20.RELEASE-tuxcare.2" } ] }