{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:ed405087-74bb-582c-8f8b-fc3fca0bfb0e", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-jasper@10.1.42-tuxcare.2", "type": "library", "group": "org.apache.tomcat.embed", "name": "tomcat-embed-jasper", "version": "10.1.42-tuxcare.2", "purl": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-jasper@10.1.42-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:5471513e-5b61-5c99-be35-274d40fca825", "id": "CVE-2024-23672", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2024-23672 does not affect version 10.1.42-tuxcare.2 of org.apache.tomcat.embed:tomcat-embed-jasper. Tomcat 10.1.42 is not vulnerable because CVE-2024-23672 is fixed in 10.1.19 and affects only 10.1.0-M1 through 10.1.18, and 10.1.42 is later than 10.1.19." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-jasper@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2ccabdab-71d8-57a2-bac5-efed2b280465", "id": "CVE-2024-24549", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2024-24549 does not affect version 10.1.42-tuxcare.2 of org.apache.tomcat.embed:tomcat-embed-jasper. 10.1.42 is not vulnerable. The issue is fixed in 10.1.19, and 10.1.42 is later than 10.1.19, so this version already includes the fix." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-jasper@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:09a0e64e-b20a-5ab0-af75-ded962dcace5", "id": "CVE-2024-52316", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-52316 affects version 10.1.42-tuxcare.2 of org.apache.tomcat.embed:tomcat-embed-jasper." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-jasper@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fcf6554d-3656-55a2-80c8-e24284023049", "id": "CVE-2025-48988", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2025-48988 does not affect version 10.1.42-tuxcare.2 of org.apache.tomcat.embed:tomcat-embed-jasper. 10.1.42 is the first fixed release in 10.1.x. The fix is already included in 10.1.42." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-jasper@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2ef354c3-e149-5985-89a2-08c43d31dda0", "id": "CVE-2025-48989", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48989 is fixed in version 10.1.42-tuxcare.2 of org.apache.tomcat.embed:tomcat-embed-jasper." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-jasper@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d25c8715-c183-5393-880b-80b8133e3cfb", "id": "CVE-2025-49125", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2025-49125 does not affect version 10.1.42-tuxcare.2 of org.apache.tomcat.embed:tomcat-embed-jasper. 10.1.42 is the first fixed release in 10.1.x. The fix is already included in 10.1.42." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-jasper@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4fef8e08-2604-552b-abb0-2fd41be18108", "id": "CVE-2025-52520", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-52520 is fixed in version 10.1.42-tuxcare.2 of org.apache.tomcat.embed:tomcat-embed-jasper." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-jasper@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:50dabeb7-2fbe-517f-9f14-ae0232d5ff84", "id": "CVE-2025-53506", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-53506 is fixed in version 10.1.42-tuxcare.2 of org.apache.tomcat.embed:tomcat-embed-jasper." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-jasper@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2ae0023d-75ba-57b3-a0bf-1aef71379623", "id": "CVE-2025-55752", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55752 is fixed in version 10.1.42-tuxcare.2 of org.apache.tomcat.embed:tomcat-embed-jasper." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-jasper@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:cb4bf63e-13b6-5c2c-b42e-9a19c7952d83", "id": "CVE-2025-55754", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55754 is fixed in version 10.1.42-tuxcare.2 of org.apache.tomcat.embed:tomcat-embed-jasper." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-jasper@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4ee498b4-142a-5f63-907d-6b0460830c2d", "id": "CVE-2025-61795", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-61795 is fixed in version 10.1.42-tuxcare.2 of org.apache.tomcat.embed:tomcat-embed-jasper." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-jasper@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c03e7297-3ee5-5a44-8c70-a677f7575970", "id": "CVE-2025-66614", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-66614 is fixed in version 10.1.42-tuxcare.2 of org.apache.tomcat.embed:tomcat-embed-jasper." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-jasper@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a7a3fd49-6278-5376-baeb-aee2545d0794", "id": "CVE-2026-24733", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24733 affects version 10.1.42-tuxcare.2 of org.apache.tomcat.embed:tomcat-embed-jasper." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-jasper@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:72f0fb3c-ad1c-5a3b-a922-4d79a6094c0d", "id": "CVE-2026-24734", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24734 affects version 10.1.42-tuxcare.2 of org.apache.tomcat.embed:tomcat-embed-jasper." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-jasper@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7fd20236-7c49-5a40-85ae-3346995c699c", "id": "CVE-2026-24880", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-24880 is fixed in version 10.1.42-tuxcare.2 of org.apache.tomcat.embed:tomcat-embed-jasper." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-jasper@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2c952912-a668-5110-ad39-38caa440f6c7", "id": "CVE-2026-25854", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-25854 is fixed in version 10.1.42-tuxcare.2 of org.apache.tomcat.embed:tomcat-embed-jasper." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-jasper@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4cb6d6a2-f7ba-580d-a4ba-88c64a90e72a", "id": "CVE-2026-29145", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-29145 affects version 10.1.42-tuxcare.2 of org.apache.tomcat.embed:tomcat-embed-jasper." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-jasper@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ceb9f26e-cc82-5779-8036-686ad1559bdc", "id": "CVE-2026-29146", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-29146 affects version 10.1.42-tuxcare.2 of org.apache.tomcat.embed:tomcat-embed-jasper." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-jasper@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:45cd62b7-4951-549a-816c-4cc966b81f7b", "id": "CVE-2026-32990", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-32990 affects version 10.1.42-tuxcare.2 of org.apache.tomcat.embed:tomcat-embed-jasper." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-jasper@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:41babcee-7e63-5ed8-af30-3e5e56b71d5c", "id": "CVE-2026-34483", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-34483 is fixed in version 10.1.42-tuxcare.2 of org.apache.tomcat.embed:tomcat-embed-jasper." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-jasper@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:bd79d8fd-72b3-57b1-8836-28f97bea065b", "id": "CVE-2026-34487", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34487 affects version 10.1.42-tuxcare.2 of org.apache.tomcat.embed:tomcat-embed-jasper." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-jasper@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f6a882b5-1edf-53d8-9b7f-6be1ad888893", "id": "CVE-2026-34500", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34500 affects version 10.1.42-tuxcare.2 of org.apache.tomcat.embed:tomcat-embed-jasper." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-jasper@10.1.42-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-jasper@10.1.42-tuxcare.2" } ] }