{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:05434b91-6769-5131-9acb-6f146c74a6fc", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-webflux@6.1.21-tuxcare.7", "type": "library", "group": "org.springframework", "name": "spring-webflux", "version": "6.1.21-tuxcare.7", "purl": "pkg:maven/org.springframework/spring-webflux@6.1.21-tuxcare.7" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:14cdb18d-eca3-5fa1-936d-6636d3e3c123", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 6.1.21-tuxcare.7 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:4f7f23d9-d85d-5d53-98d1-c3714bb75810", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 6.1.21-tuxcare.7 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:ecb5c996-13a1-5e08-b577-0d43955830c9", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 6.1.21-tuxcare.7 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:04ac72f7-40db-5577-8077-e4f860476a5e", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 6.1.21-tuxcare.7 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:901a65d8-2959-55b0-a23c-0eb7a4982ffd", "id": "CVE-2026-22735", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22735 is fixed in version 6.1.21-tuxcare.7 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:c7b2ecf3-fdd4-5c23-a07d-8e5d865e482d", "id": "CVE-2026-22737", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22737 is fixed in version 6.1.21-tuxcare.7 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:baa9bef6-a8d0-5d73-b1ea-e6a7964b23c5", "id": "CVE-2026-22740", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22740 is fixed in version 6.1.21-tuxcare.7 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:3ebbd319-9691-5541-a0a5-0ab83c6f5eba", "id": "CVE-2026-22741", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22741 is fixed in version 6.1.21-tuxcare.7 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:e441ec29-1015-5e7e-b3d0-95988c09ddc9", "id": "CVE-2026-22745", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-22745 is fixed in version 6.1.21-tuxcare.7 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:80bd44e6-87a1-55d7-998b-43a6b3cfdc69", "id": "CVE-2026-41838", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41838 is fixed in version 6.1.21-tuxcare.7 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:9b333d3d-667a-561d-be79-a7f5864ad1ad", "id": "CVE-2026-41839", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41839 is fixed in version 6.1.21-tuxcare.7 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:bd7fc11d-c1e2-5ee6-b738-de1f935d13be", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 6.1.21-tuxcare.7 of org.springframework:spring-webflux. already_fixed \u2014 The target repository (Spring Framework 6.1.21-tuxcare.6) already contains both upstream patches that address CVE-2026-41840. The fixes were previously applied as part of TuxCare backports for CVE-2026-22740 (commit d8aa04a97f, 2026-06-08) and memory leak fixes (commit e7c90921fd, 2026-04-29). Both doOnDiscard handlers are present in the current code, preventing resource exhaustion from multipa..." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:1a1b7e61-d76e-5e9e-82fa-baaebe1f48c8", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 6.1.21-tuxcare.7 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:58355d7c-82a3-54d0-a19d-ec1ef55adb39", "id": "CVE-2026-41842", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41842 is fixed in version 6.1.21-tuxcare.7 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:1a39d6d5-c707-576d-a454-34f86bc85c0d", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 6.1.21-tuxcare.7 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:fc81d76e-68e7-5610-af25-79da732de2a0", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 6.1.21-tuxcare.7 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:bcb10882-58bf-589c-92f1-b4b93b890716", "id": "CVE-2026-41845", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41845 is fixed in version 6.1.21-tuxcare.7 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:60e0384c-972a-5848-aeb5-5e2b0525d053", "id": "CVE-2026-41846", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41846 is fixed in version 6.1.21-tuxcare.7 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:c2a8f961-3165-5d32-a3af-da70c95cb638", "id": "CVE-2026-41848", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41848 is fixed in version 6.1.21-tuxcare.7 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:b87326ac-363d-59c9-9b39-1ff74fe071fb", "id": "CVE-2026-41850", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41850 is fixed in version 6.1.21-tuxcare.7 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:ba506e2c-21f6-5560-a200-0a39e9111651", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 6.1.21-tuxcare.7 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:24ee59ab-863c-54d5-a9ed-c9d30c91e53f", "id": "CVE-2026-41852", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41852 is fixed in version 6.1.21-tuxcare.7 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:5cde3af8-614c-59d0-94c3-6348bd3e20a6", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 6.1.21-tuxcare.7 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@6.1.21-tuxcare.7" } ] }, { "bom-ref": "urn:uuid:46169f54-76ba-5e79-ae76-2bcb32a864e8", "id": "CVE-2026-41855", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-41855 is fixed in version 6.1.21-tuxcare.7 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@6.1.21-tuxcare.7" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-webflux@6.1.21-tuxcare.7" } ] }