{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:c5816fa7-6d53-5a42-9f9e-eef4fd27c74b", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.tomcat/tomcat-i18n-zh-CN@10.1.42-tuxcare.2", "type": "library", "group": "org.apache.tomcat", "name": "tomcat-i18n-zh-CN", "version": "10.1.42-tuxcare.2", "purl": "pkg:maven/org.apache.tomcat/tomcat-i18n-zh-CN@10.1.42-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:210b0dff-6c88-5ad8-a05c-e032d77d2621", "id": "CVE-2024-23672", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2024-23672 does not affect version 10.1.42-tuxcare.2 of org.apache.tomcat:tomcat-i18n-zh-CN. Tomcat 10.1.42 is not vulnerable because CVE-2024-23672 is fixed in 10.1.19 and affects only 10.1.0-M1 through 10.1.18, and 10.1.42 is later than 10.1.19." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-i18n-zh-CN@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:649b47ec-1255-57d7-9a40-3fdb742bf3e0", "id": "CVE-2024-24549", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2024-24549 does not affect version 10.1.42-tuxcare.2 of org.apache.tomcat:tomcat-i18n-zh-CN. 10.1.42 is not vulnerable. The issue is fixed in 10.1.19, and 10.1.42 is later than 10.1.19, so this version already includes the fix." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-i18n-zh-CN@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fb34348f-3488-5efd-a25b-cfb9a3c5ae5d", "id": "CVE-2024-52316", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-52316 affects version 10.1.42-tuxcare.2 of org.apache.tomcat:tomcat-i18n-zh-CN." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-i18n-zh-CN@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:7ca24b21-f4d6-54c3-ae6e-4e0b99733944", "id": "CVE-2025-48988", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2025-48988 does not affect version 10.1.42-tuxcare.2 of org.apache.tomcat:tomcat-i18n-zh-CN. 10.1.42 is the first fixed release in 10.1.x. The fix is already included in 10.1.42." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-i18n-zh-CN@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:daa5ac73-d14e-5f75-828a-193bd1ad5cfe", "id": "CVE-2025-48989", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48989 is fixed in version 10.1.42-tuxcare.2 of org.apache.tomcat:tomcat-i18n-zh-CN." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-i18n-zh-CN@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3a1b4e68-1bb5-598a-9162-8b8670133ed0", "id": "CVE-2025-49125", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2025-49125 does not affect version 10.1.42-tuxcare.2 of org.apache.tomcat:tomcat-i18n-zh-CN. 10.1.42 is the first fixed release in 10.1.x. The fix is already included in 10.1.42." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-i18n-zh-CN@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:87b0820d-e70d-5592-825c-28f57e732128", "id": "CVE-2025-52520", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-52520 is fixed in version 10.1.42-tuxcare.2 of org.apache.tomcat:tomcat-i18n-zh-CN." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-i18n-zh-CN@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6a5ff6e2-7f51-5217-9e12-84b021c710db", "id": "CVE-2025-53506", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-53506 is fixed in version 10.1.42-tuxcare.2 of org.apache.tomcat:tomcat-i18n-zh-CN." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-i18n-zh-CN@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:82bb1f41-02c7-561d-9825-c73caa7ddfef", "id": "CVE-2025-55752", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55752 is fixed in version 10.1.42-tuxcare.2 of org.apache.tomcat:tomcat-i18n-zh-CN." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-i18n-zh-CN@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d8aec777-e5a4-5b75-86d0-b405bb73ff7e", "id": "CVE-2025-55754", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55754 is fixed in version 10.1.42-tuxcare.2 of org.apache.tomcat:tomcat-i18n-zh-CN." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-i18n-zh-CN@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a60587cf-2d18-51d1-9d18-33d9d355bb8c", "id": "CVE-2025-61795", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-61795 is fixed in version 10.1.42-tuxcare.2 of org.apache.tomcat:tomcat-i18n-zh-CN." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-i18n-zh-CN@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8fae7c82-05e2-50b9-9635-9a1619bd7a92", "id": "CVE-2025-66614", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-66614 is fixed in version 10.1.42-tuxcare.2 of org.apache.tomcat:tomcat-i18n-zh-CN." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-i18n-zh-CN@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b3e7e9ba-982b-5384-8599-2e95bb4181e9", "id": "CVE-2026-24733", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24733 affects version 10.1.42-tuxcare.2 of org.apache.tomcat:tomcat-i18n-zh-CN." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-i18n-zh-CN@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:05bc90f5-2c28-5056-b719-24ffae95b3bb", "id": "CVE-2026-24734", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24734 affects version 10.1.42-tuxcare.2 of org.apache.tomcat:tomcat-i18n-zh-CN." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-i18n-zh-CN@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9452711f-7647-5ba6-b431-91a94a9b5c41", "id": "CVE-2026-24880", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-24880 is fixed in version 10.1.42-tuxcare.2 of org.apache.tomcat:tomcat-i18n-zh-CN." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-i18n-zh-CN@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a704df29-95f9-5a7e-9584-03660667596e", "id": "CVE-2026-25854", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-25854 is fixed in version 10.1.42-tuxcare.2 of org.apache.tomcat:tomcat-i18n-zh-CN." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-i18n-zh-CN@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:875bfd2f-8622-585d-85cb-0864cbe53fd8", "id": "CVE-2026-29145", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-29145 affects version 10.1.42-tuxcare.2 of org.apache.tomcat:tomcat-i18n-zh-CN." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-i18n-zh-CN@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:21edfd1e-b909-5fba-814b-a64681d8f16d", "id": "CVE-2026-29146", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-29146 affects version 10.1.42-tuxcare.2 of org.apache.tomcat:tomcat-i18n-zh-CN." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-i18n-zh-CN@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:c16d0fe9-89aa-56cb-b10a-cceeecd02448", "id": "CVE-2026-32990", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-32990 affects version 10.1.42-tuxcare.2 of org.apache.tomcat:tomcat-i18n-zh-CN." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-i18n-zh-CN@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0a2ce145-449e-5d5c-984e-391c6c1a9044", "id": "CVE-2026-34483", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-34483 is fixed in version 10.1.42-tuxcare.2 of org.apache.tomcat:tomcat-i18n-zh-CN." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-i18n-zh-CN@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:913b4a67-56b3-5d17-8073-248754aeb3b7", "id": "CVE-2026-34487", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34487 affects version 10.1.42-tuxcare.2 of org.apache.tomcat:tomcat-i18n-zh-CN." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-i18n-zh-CN@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2e4a2dd5-14d6-5e24-8b90-2413bac79de4", "id": "CVE-2026-34500", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34500 affects version 10.1.42-tuxcare.2 of org.apache.tomcat:tomcat-i18n-zh-CN." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-i18n-zh-CN@10.1.42-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-i18n-zh-CN@10.1.42-tuxcare.2" } ] }