{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:de5e7800-b641-5fb9-8729-dcaf2f473ee2", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@10.1.42-tuxcare.1", "type": "library", "group": "org.apache.tomcat", "name": "tomcat-jsp-api", "version": "10.1.42-tuxcare.1", "purl": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@10.1.42-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:16b1d39e-78b6-53d4-91a4-7339b37f4e6f", "id": "CVE-2024-23672", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2024-23672 does not affect version 10.1.42-tuxcare.1 of org.apache.tomcat:tomcat-jsp-api. Tomcat 10.1.42 is not vulnerable because CVE-2024-23672 is fixed in 10.1.19 and affects only 10.1.0-M1 through 10.1.18, and 10.1.42 is later than 10.1.19." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:dbb826af-f9d9-5f90-a362-81df40f5b03b", "id": "CVE-2024-24549", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2024-24549 does not affect version 10.1.42-tuxcare.1 of org.apache.tomcat:tomcat-jsp-api. 10.1.42 is not vulnerable. The issue is fixed in 10.1.19, and 10.1.42 is later than 10.1.19, so this version already includes the fix." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:097f0d01-4e20-5fcb-af72-951a26739f89", "id": "CVE-2024-52316", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-52316 affects version 10.1.42-tuxcare.1 of org.apache.tomcat:tomcat-jsp-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b8432582-a7a2-5660-b543-bc6bb0ae4788", "id": "CVE-2025-48988", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2025-48988 does not affect version 10.1.42-tuxcare.1 of org.apache.tomcat:tomcat-jsp-api. 10.1.42 is the first fixed release in 10.1.x. The fix is already included in 10.1.42." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:dbb077b0-5f23-5c60-ba4f-93ce7f1bc3f3", "id": "CVE-2025-48989", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48989 is fixed in version 10.1.42-tuxcare.1 of org.apache.tomcat:tomcat-jsp-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:97bb30f9-69a0-5915-8de8-bd44d0e9f1d5", "id": "CVE-2025-49125", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2025-49125 does not affect version 10.1.42-tuxcare.1 of org.apache.tomcat:tomcat-jsp-api. 10.1.42 is the first fixed release in 10.1.x. The fix is already included in 10.1.42." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:959c4efd-c252-5cb6-8aac-cddb23a7636a", "id": "CVE-2025-52520", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-52520 is fixed in version 10.1.42-tuxcare.1 of org.apache.tomcat:tomcat-jsp-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:137eab53-c3c7-5143-a149-ea2df8719df4", "id": "CVE-2025-53506", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-53506 is fixed in version 10.1.42-tuxcare.1 of org.apache.tomcat:tomcat-jsp-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2dcc58ef-29d4-5074-95cb-bf08057e9ab9", "id": "CVE-2025-55752", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55752 is fixed in version 10.1.42-tuxcare.1 of org.apache.tomcat:tomcat-jsp-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:236d53e3-09cd-5841-919f-956e5d9d0cdb", "id": "CVE-2025-55754", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55754 is fixed in version 10.1.42-tuxcare.1 of org.apache.tomcat:tomcat-jsp-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b8760e76-94ba-561b-9bd3-63e05f48571d", "id": "CVE-2025-61795", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-61795 is fixed in version 10.1.42-tuxcare.1 of org.apache.tomcat:tomcat-jsp-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f292bfa7-5263-5892-883b-a508165ed320", "id": "CVE-2025-66614", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-66614 affects version 10.1.42-tuxcare.1 of org.apache.tomcat:tomcat-jsp-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e32c773f-8e6e-5c9f-9b08-918709925629", "id": "CVE-2026-24733", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24733 affects version 10.1.42-tuxcare.1 of org.apache.tomcat:tomcat-jsp-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5f1b0a8e-357b-5a36-a398-400769b6d1aa", "id": "CVE-2026-24734", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24734 affects version 10.1.42-tuxcare.1 of org.apache.tomcat:tomcat-jsp-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6e755028-a99e-51c4-b3a1-71c7df96bec6", "id": "CVE-2026-24880", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24880 affects version 10.1.42-tuxcare.1 of org.apache.tomcat:tomcat-jsp-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4a200105-7757-5883-b205-4729db2a2d83", "id": "CVE-2026-25854", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-25854 affects version 10.1.42-tuxcare.1 of org.apache.tomcat:tomcat-jsp-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:30bd0b2d-1ecb-56b6-90c8-3cf248a0fb1d", "id": "CVE-2026-29145", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-29145 affects version 10.1.42-tuxcare.1 of org.apache.tomcat:tomcat-jsp-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:26f0ee70-da0d-5270-8950-ee562623e218", "id": "CVE-2026-29146", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-29146 affects version 10.1.42-tuxcare.1 of org.apache.tomcat:tomcat-jsp-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1b1c7e75-442c-518c-ac4a-faba5dbecc7f", "id": "CVE-2026-32990", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-32990 affects version 10.1.42-tuxcare.1 of org.apache.tomcat:tomcat-jsp-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:f7b678e6-58f6-5e85-8637-a25559cfcd6f", "id": "CVE-2026-34483", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34483 affects version 10.1.42-tuxcare.1 of org.apache.tomcat:tomcat-jsp-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a7a2e70c-389d-5034-80a7-babf01f7ebd7", "id": "CVE-2026-34487", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34487 affects version 10.1.42-tuxcare.1 of org.apache.tomcat:tomcat-jsp-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0fedcf20-0720-5072-80ba-ffb5a0682ec0", "id": "CVE-2026-34500", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34500 affects version 10.1.42-tuxcare.1 of org.apache.tomcat:tomcat-jsp-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@10.1.42-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@10.1.42-tuxcare.1" } ] }