{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:60ae184f-150f-5e53-b890-259832ef6c7a", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-webflux@5.3.31-tuxcare.5", "type": "library", "group": "org.springframework", "name": "spring-webflux", "version": "5.3.31-tuxcare.5", "purl": "pkg:maven/org.springframework/spring-webflux@5.3.31-tuxcare.5" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:f01a06bb-4774-5636-a5d8-33e16c25d684", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.3.31-tuxcare.5 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:9fd481b4-d452-5eda-af27-3e0a6ad4d5e8", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:dd8a9273-c776-5e7c-8654-65e82a31ebf7", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:7440964b-6e65-5e48-a1b1-3d1d49b5208b", "id": "CVE-2024-22262", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22262 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:443d29db-2c95-50f6-a67d-44e526cca344", "id": "CVE-2024-38808", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38808 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:9ce907ff-6674-5846-8385-a8bb7fd3c8e3", "id": "CVE-2024-38809", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38809 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:ed948067-0b9a-5142-b93f-273942b0c3d2", "id": "CVE-2024-38816", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38816 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:c94d9af5-c036-52f9-83f2-ec7792a0eba4", "id": "CVE-2024-38819", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38819 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:17868ed2-2e00-57c2-8862-c2c0b8f8a117", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:4e8f54f8-a80d-5d2c-b2b2-3a437c70e9b3", "id": "CVE-2024-38828", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38828 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:5911d5a4-4118-5e87-89e4-d2dfdcb1d18f", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:017845bd-f81f-5e4d-8a02-da4fef768722", "id": "CVE-2025-41234", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41234 is a false positive for org.springframework:spring-webflux 5.3.31-tuxcare.5." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:5918a93b-6a46-5931-a1c3-0d9e1f30b082", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:9067e915-33df-54fc-b146-4637df7c8f74", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:5eaa031f-f881-55d9-8563-a02a5f1e9328", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:5da3d9db-463a-5e44-ab91-ae4e56e10706", "id": "CVE-2026-22735", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22735 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:d11f11aa-eb4d-54b6-8c0a-ca342dcf3cb7", "id": "CVE-2026-22737", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22737 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:71029371-b38f-5c3b-99f3-480e41ab9813", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:735defa0-e648-55b2-b4b0-a462fb31c142", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 5.3.31-tuxcare.5 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:1396d9b7-a50e-5606-9cde-513a9dabaf81", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:94bfc042-4a18-57eb-a29a-03c061c8f0a0", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 5.3.31-tuxcare.5 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:1d768ac0-0781-57cc-9f41-c8cb848698d2", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 5.3.31-tuxcare.5 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:0af0bbe5-d44c-5c6e-aeae-3061222e573d", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 5.3.31-tuxcare.5 of org.springframework:spring-webflux. already_fixed \u2014 The target repository (Spring Framework 5.3.31-tuxcare.3) already contains the complete fix for CVE-2026-41840. Both required doOnDiscard handlers were applied via commit 615477c88f (labeled as CVE-2026-22740 backport) merged on May 4, 2026. The code changes are byte-for-byte identical to the upstream patches." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:02d45d2e-b2ed-5022-96b7-dfd474a1c2e0", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 5.3.31-tuxcare.5 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:ae7d32b1-4122-51fb-8810-9f864996c28b", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 5.3.31-tuxcare.5 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:4236b9bf-fcf8-5c0e-8bd5-2797ade06f11", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 5.3.31-tuxcare.5 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:667fef4c-0eea-570f-a10c-cdd3cd775db2", "id": "CVE-2026-41844", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41844 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:60e6c33e-5ff4-578e-b1b0-29dbb52c1025", "id": "CVE-2026-41845", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41845 is fixed in version 5.3.31-tuxcare.5 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:89b0d9c5-c4b5-5c63-b62c-d75e4d982efb", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 5.3.31-tuxcare.5 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:89812f7a-a049-5549-89ae-52f941feb1d4", "id": "CVE-2026-41847", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41847 affects version 5.3.31-tuxcare.5 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:1b1170d3-85bb-5cbc-96be-fa40689a42b3", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 5.3.31-tuxcare.5 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:d7e67dd9-5f3f-53ec-8b9e-0e586657d786", "id": "CVE-2026-41849", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41849 affects version 5.3.31-tuxcare.5 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:c51bbc35-d2d8-5d05-8b27-9e84337f0051", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 5.3.31-tuxcare.5 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:659e8bfe-1495-5900-a12b-ede991f8cf9b", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 5.3.31-tuxcare.5 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:88eb5569-e2cb-519b-b260-91b6340c9bb8", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 5.3.31-tuxcare.5 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:8de4d559-81e8-5c1d-b5c8-c8ad5bc85641", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 5.3.31-tuxcare.5 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.31-tuxcare.5" } ] }, { "bom-ref": "urn:uuid:98cd22dc-e90a-527c-a109-ad1aa98e3a6f", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 5.3.31-tuxcare.5 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.31-tuxcare.5" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.3.31-tuxcare.5" } ] }