{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:318e65d9-0e97-5b80-b771-5d272d5ed4b0", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-webflux@5.2.0.RELEASE-tuxcare.2", "type": "library", "group": "org.springframework", "name": "spring-webflux", "version": "5.2.0.RELEASE-tuxcare.2", "purl": "pkg:maven/org.springframework/spring-webflux@5.2.0.RELEASE-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:50c7dfda-4c15-584b-a18a-dbf313d7283b", "id": "CVE-2016-1000027", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-1000027 affects version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8b6bda03-449a-5791-bd1e-8d9bc93a11a0", "id": "CVE-2020-5397", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-5397 affects version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ea9ab29b-234d-5afd-bf19-b810d925e1ca", "id": "CVE-2020-5398", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2020-5398 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4170ea11-bbe0-5a4b-af75-38f39d9cff21", "id": "CVE-2020-5421", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2020-5421 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6121b099-c7f5-5b72-bb36-77b2732b461d", "id": "CVE-2021-22060", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-22060 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f67a6329-584f-59c4-8bd1-155647fbad24", "id": "CVE-2021-22096", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-22096 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:387a86b4-ea7d-545e-8cf6-5be781328be0", "id": "CVE-2021-22118", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2021-22118 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:49ebe3a8-df9f-5b17-95a8-2c635cac7d8a", "id": "CVE-2022-22950", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-22950 affects version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7e9c6811-5e09-5648-9108-c1f9c8b26265", "id": "CVE-2022-22965", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22965 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5cf6f8d3-c4d9-526d-90a8-e5b8a27a0031", "id": "CVE-2022-22968", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22968 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3652920f-002d-56c6-8c76-06bb6bb40322", "id": "CVE-2022-22970", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22970 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:cf8195e4-70d9-5a25-a1c0-5825ffe556c6", "id": "CVE-2022-22971", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2022-22971 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e7b03c2a-d274-586a-995c-76c629fefc63", "id": "CVE-2023-20861", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-20861 affects version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f619751a-fc56-5468-b6f2-715c74600245", "id": "CVE-2023-20863", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2023-20863 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8c478dc1-b454-5b66-a45c-6877804aeec9", "id": "CVE-2024-22243", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22243 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:15bb9231-2fb3-535c-bb16-b72014d626fd", "id": "CVE-2024-22259", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-22259 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:01f03516-71f5-5ce0-a667-cd603fcdf7da", "id": "CVE-2024-22262", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-22262 affects version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1a6846c8-b0db-52c1-84eb-c5853876264d", "id": "CVE-2024-38808", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38808 affects version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d58fe4ea-df42-58b8-b6da-1e8c25e6cdfe", "id": "CVE-2024-38809", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2024-38809 is a false positive for org.springframework:spring-webflux 5.2.0.RELEASE-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a727433d-4e07-5cde-bdbe-7dcc89a557a6", "id": "CVE-2024-38819", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38819 affects version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6876c6da-d190-5e88-814f-c3452e912e3d", "id": "CVE-2024-38820", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-38820 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0535a766-991f-5246-a8e0-86f60528726b", "id": "CVE-2025-22233", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-22233 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0b439a36-8ad4-5575-8455-ffc124e39ce8", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6f679fd1-c740-5ccd-b8c5-bfb555110d47", "id": "CVE-2025-41249", "analysis": { "state": "false_positive", "detail": "Vulnerability CVE-2025-41249 is a false positive for org.springframework:spring-webflux 5.2.0.RELEASE-tuxcare.2." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.2.0.RELEASE-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b67ed9b7-9502-5abb-bef1-348f5f6307a2", "id": "CVE-2025-41254", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-41254 affects version 5.2.0.RELEASE-tuxcare.2 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.2.0.RELEASE-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-webflux@5.2.0.RELEASE-tuxcare.2" } ] }