{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:5b26a8ee-a283-5c58-b492-8244440dd834", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-webflux@5.3.30-tuxcare.3", "type": "library", "group": "org.springframework", "name": "spring-webflux", "version": "5.3.30-tuxcare.3", "purl": "pkg:maven/org.springframework/spring-webflux@5.3.30-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:2131a592-66d0-5174-9f1e-763a2240dcfa", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.30-tuxcare.3 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6081e7f8-3ce0-5bfd-bcf3-a54c579e807c", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9fb8f023-8121-5777-be2a-702c8f28eb16", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:0db4e13c-88e4-559e-a923-3cfd8dfd060d", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:86ed1f8f-6ee0-5ac8-b10e-5abf67c8826a", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:372b505a-0998-56d9-b95e-6b1cb851c0bf", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c0e644ef-3ec9-5ab2-92ae-0d3252ce6a88", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:3c190b45-7583-532b-b18f-54f93d058fff", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:810b13cd-d4a8-534e-8956-85a067bbf544", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:25a5a97d-3bb4-5ab1-8dac-f0457b98a32e", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:95d26072-3253-59f9-b795-d12dd1de5200", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:dbce9522-2427-572e-8163-2ea8336c0798", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:7854ef9b-7259-514b-baf7-a95df180a43c", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:aee34633-0509-5200-8f26-5bf7e18cc6a0", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:ecaa7ef1-b6fc-56c2-b11c-e6aaa498861e", "id": "CVE-2026-22735", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22735 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:78f3491a-b6fa-5698-b1d4-d0b891594519", "id": "CVE-2026-22737", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22737 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f5bae22d-8f84-552d-9220-973af9f2c0ce", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:6d61bd5b-5aa2-50f7-a2d3-d31a828b20c1", "id": "CVE-2026-22741", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22741 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:52c1f3ab-2012-56f4-afb8-a8bac1fd3208", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 5.3.30-tuxcare.3 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9e7dc162-dab7-53ab-bf88-b7a67868e9a0", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.30-tuxcare.3 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:23c7e07c-501b-58a4-bfb2-cd12565fba25", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.30-tuxcare.3 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1f546a27-5f77-5ff5-b5da-ed3b1e171dce", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.30-tuxcare.3 of org.springframework:spring-webflux. already_fixed \u2014 The target repository Spring Framework 5.3.30-tuxcare.3 already contains both fixes for CVE-2026-41840. The identical patches were previously backported by TuxCare as part of CVE-2026-22740 (commits 1a619adbfb and ee9443b0bc, merged May 2026). Both doOnDiscard handlers are present in the current code: PartGenerator.java releases data buffers on discard, and MultipartHttpMessageReader.java delet..." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:db2285a1-f1cb-593f-bd10-e999dbcfb529", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.30-tuxcare.3 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c2440d60-9b5a-52b4-975b-c6a80fa0acd1", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.30-tuxcare.3 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:19cfeebb-13dd-59b4-94aa-3e916c3df9c8", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.30-tuxcare.3 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:d751bb84-50d6-5f46-a4e7-75060be36229", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 5.3.30-tuxcare.3 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:acf44143-0987-57ff-8744-1cc7f2338481", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 5.3.30-tuxcare.3 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a722877c-85c5-54cc-8e92-f49828739320", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.30-tuxcare.3 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:54236500-f287-5bc0-9ac6-cde7eb472b2a", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.30-tuxcare.3 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:cb200c2f-116b-5114-8cce-2dc4f7e14d81", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.30-tuxcare.3 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:f85460af-fdff-5f3f-bde8-0e52bbb7f07f", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.30-tuxcare.3 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:73b828c6-0f59-5257-b4e0-deb20199016f", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.30-tuxcare.3 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1a2dc224-14f0-5aa2-b312-67c4a95f4834", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.30-tuxcare.3 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:dbe22710-c464-5146-8fbb-61bf4aa60b22", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.30-tuxcare.3 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:49600f50-d303-5de0-943c-85d36d334f80", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.30-tuxcare.3 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.30-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:1d6d1b13-c760-5cb8-8a41-27137c1102a7", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.30-tuxcare.3 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.30-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.30-tuxcare.3" } ] }