{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:d1a7eda1-54ea-58cb-8565-b09992e688a1", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-webflux@5.2.0.RELEASE-tuxcare.1", "type": "library", "group": "org.springframework", "name": "spring-webflux", "version": "5.2.0.RELEASE-tuxcare.1", "purl": "pkg:maven/org.springframework/spring-webflux@5.2.0.RELEASE-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:fca5bce2-ea0f-54cb-8374-bbcc4db9b10d", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6d8fd4e1-10c3-55b9-8ac6-a0bb27dcf59c", "id": "CVE-2020-5397", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5397 affects version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:dc5743ca-500b-52e9-b681-e4108f0a9ded", "id": "CVE-2020-5398", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2020-5398 is fixed in version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:62019524-8fe2-59f0-99bf-8fa59e91b853", "id": "CVE-2020-5421", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2020-5421 is fixed in version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:eb967cc4-1fbb-5981-a8c9-5aba66309392", "id": "CVE-2021-22060", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-22060 is fixed in version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f87dc4b9-df1e-501e-bf16-3aa5e492a844", "id": "CVE-2021-22096", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-22096 is fixed in version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:182a3fda-7c6e-57b9-83a4-d21a9c62aa47", "id": "CVE-2021-22118", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-22118 is fixed in version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:dbff3728-085d-51bb-89f2-0c5d853b9c43", "id": "CVE-2022-22950", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22950 affects version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:37749fd9-f443-5040-be3d-9cd44f08470d", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a33305b5-4eb6-51f6-b436-cc5998b3ca7e", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:508f41af-bca3-56ed-8ae2-f84ebf9e2358", "id": "CVE-2022-22970", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22970 is fixed in version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:19b521f5-05fd-553b-92dd-76a554c7ddda", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:887284ba-4db6-5d5d-af35-8cfab3ae726a", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7beb918d-93ab-57f5-ae58-09a71f34c5b8", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7da464b6-ece6-5929-8e31-d433228d8419", "id": "CVE-2024-22243", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22243 affects version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e9414022-b2c4-5ae0-8adc-610866c91578", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:dd3bc81b-4661-58ed-94b2-9f2cebc0a890", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:886bc4fa-a6a6-59c4-844b-255fdb9f6650", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d573a1f4-0d96-58b6-aadb-3f8100e699f6", "id": "CVE-2024-38809", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2024-38809 is a false positive for org.springframework:spring-webflux 5.2.0.RELEASE-tuxcare.1." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f7302a20-922a-5088-a0a1-7b6902e0fecd", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:bc4c5dae-1837-5c76-92a8-c11949d575ff", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:21c35a0c-3040-5579-8008-b23ad2f29e06", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ae7257d1-212f-5b74-88a1-c3fc388f143d", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8e454db1-700f-5f99-908f-f744bac04231", "id": "CVE-2025-41249", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41249 is a false positive for org.springframework:spring-webflux 5.2.0.RELEASE-tuxcare.1." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.2.0.RELEASE-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:39dae541-3aa6-5c69-afd9-c54c24a201c3", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 5.2.0.RELEASE-tuxcare.1 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.2.0.RELEASE-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.2.0.RELEASE-tuxcare.1" } ] }