{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:30e5466c-ae6a-57a8-977f-0d4c3a1efa6e", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@10.1.42-tuxcare.2", "type": "library", "group": "org.apache.tomcat", "name": "tomcat-jsp-api", "version": "10.1.42-tuxcare.2", "purl": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@10.1.42-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:a0bf2eb5-b6af-5e3b-b8d9-6c1d4cf4ec39", "id": "CVE-2024-23672", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2024-23672 does not affect version 10.1.42-tuxcare.2 of org.apache.tomcat:tomcat-jsp-api. Tomcat 10.1.42 is not vulnerable because CVE-2024-23672 is fixed in 10.1.19 and affects only 10.1.0-M1 through 10.1.18, and 10.1.42 is later than 10.1.19." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:dbff3ae7-2459-5e7f-b0f7-b88e5fca8157", "id": "CVE-2024-24549", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2024-24549 does not affect version 10.1.42-tuxcare.2 of org.apache.tomcat:tomcat-jsp-api. 10.1.42 is not vulnerable. The issue is fixed in 10.1.19, and 10.1.42 is later than 10.1.19, so this version already includes the fix." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f90222e5-4cf5-5df7-840d-ffe181cbbb3e", "id": "CVE-2024-52316", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-52316 affects version 10.1.42-tuxcare.2 of org.apache.tomcat:tomcat-jsp-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:61bda76a-9673-5104-9633-91f4f3db99b9", "id": "CVE-2025-48988", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2025-48988 does not affect version 10.1.42-tuxcare.2 of org.apache.tomcat:tomcat-jsp-api. 10.1.42 is the first fixed release in 10.1.x. The fix is already included in 10.1.42." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:bc0e2685-5fa7-5f06-955b-53b1d4b0fac1", "id": "CVE-2025-48989", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48989 is fixed in version 10.1.42-tuxcare.2 of org.apache.tomcat:tomcat-jsp-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e56e4984-1bca-5602-8d06-2178195028ed", "id": "CVE-2025-49125", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2025-49125 does not affect version 10.1.42-tuxcare.2 of org.apache.tomcat:tomcat-jsp-api. 10.1.42 is the first fixed release in 10.1.x. The fix is already included in 10.1.42." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1334bcbf-3a41-5c78-bdc6-adb8e4fed7ec", "id": "CVE-2025-52520", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-52520 is fixed in version 10.1.42-tuxcare.2 of org.apache.tomcat:tomcat-jsp-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2de1058b-3450-57ed-832f-c92c9836c265", "id": "CVE-2025-53506", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-53506 is fixed in version 10.1.42-tuxcare.2 of org.apache.tomcat:tomcat-jsp-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ffbe179f-f5d2-5ac8-b821-63a7d6461669", "id": "CVE-2025-55752", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55752 is fixed in version 10.1.42-tuxcare.2 of org.apache.tomcat:tomcat-jsp-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a0c23b88-a4c1-5b3e-bf92-9cae7467ca54", "id": "CVE-2025-55754", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55754 is fixed in version 10.1.42-tuxcare.2 of org.apache.tomcat:tomcat-jsp-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:f4f79e74-1364-53dc-b8fe-5554f825e897", "id": "CVE-2025-61795", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-61795 is fixed in version 10.1.42-tuxcare.2 of org.apache.tomcat:tomcat-jsp-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b86d07f6-72ac-5d65-b813-5a2ba11f5d53", "id": "CVE-2025-66614", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-66614 is fixed in version 10.1.42-tuxcare.2 of org.apache.tomcat:tomcat-jsp-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:06651c5d-0687-53d5-8e01-d12bf60a5e0f", "id": "CVE-2026-24733", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24733 affects version 10.1.42-tuxcare.2 of org.apache.tomcat:tomcat-jsp-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fca731fe-31ac-5572-9167-8c01dc9b4ecf", "id": "CVE-2026-24734", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24734 affects version 10.1.42-tuxcare.2 of org.apache.tomcat:tomcat-jsp-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:bfcc57cb-8882-55c0-8903-9dad7b796a67", "id": "CVE-2026-24880", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-24880 is fixed in version 10.1.42-tuxcare.2 of org.apache.tomcat:tomcat-jsp-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:78583381-ee87-53fb-938e-1858d84335b2", "id": "CVE-2026-25854", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-25854 is fixed in version 10.1.42-tuxcare.2 of org.apache.tomcat:tomcat-jsp-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b1165cc4-99f2-55fd-b709-9119fe6673df", "id": "CVE-2026-29145", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-29145 affects version 10.1.42-tuxcare.2 of org.apache.tomcat:tomcat-jsp-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3455b0d0-be37-525f-9a43-4d3f976fdc72", "id": "CVE-2026-29146", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-29146 affects version 10.1.42-tuxcare.2 of org.apache.tomcat:tomcat-jsp-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:31bd1eb0-a293-5dfe-be0f-eca384cbc2de", "id": "CVE-2026-32990", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-32990 affects version 10.1.42-tuxcare.2 of org.apache.tomcat:tomcat-jsp-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:47a0de29-0b58-5277-8f70-18937c907e00", "id": "CVE-2026-34483", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-34483 is fixed in version 10.1.42-tuxcare.2 of org.apache.tomcat:tomcat-jsp-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:17489874-01ab-5663-86a9-d72195011a42", "id": "CVE-2026-34487", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34487 affects version 10.1.42-tuxcare.2 of org.apache.tomcat:tomcat-jsp-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1c9fa83e-f10b-52e3-9e7a-0d3e82d0a259", "id": "CVE-2026-34500", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34500 affects version 10.1.42-tuxcare.2 of org.apache.tomcat:tomcat-jsp-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@10.1.42-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@10.1.42-tuxcare.2" } ] }