{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:dff5ff4a-99c0-52b1-a0da-2591c9924fb3", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.tomcat/tomcat-util@10.1.42-tuxcare.1", "type": "library", "group": "org.apache.tomcat", "name": "tomcat-util", "version": "10.1.42-tuxcare.1", "purl": "pkg:maven/org.apache.tomcat/tomcat-util@10.1.42-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:3b91b182-6416-5222-b834-8171f9355728", "id": "CVE-2024-23672", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2024-23672 does not affect version 10.1.42-tuxcare.1 of org.apache.tomcat:tomcat-util. Tomcat 10.1.42 is not vulnerable because CVE-2024-23672 is fixed in 10.1.19 and affects only 10.1.0-M1 through 10.1.18, and 10.1.42 is later than 10.1.19." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9babdd4e-66ed-5e27-9c7d-ce1212625126", "id": "CVE-2024-24549", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2024-24549 does not affect version 10.1.42-tuxcare.1 of org.apache.tomcat:tomcat-util. 10.1.42 is not vulnerable. The issue is fixed in 10.1.19, and 10.1.42 is later than 10.1.19, so this version already includes the fix." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c772595a-b55e-5db1-98ca-5ef12977736b", "id": "CVE-2024-52316", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-52316 affects version 10.1.42-tuxcare.1 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:00af2409-be35-5074-99a9-f67350b5d54a", "id": "CVE-2025-48988", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2025-48988 does not affect version 10.1.42-tuxcare.1 of org.apache.tomcat:tomcat-util. 10.1.42 is the first fixed release in 10.1.x. The fix is already included in 10.1.42." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d6bdb190-3618-51f6-aed4-3e1fea806505", "id": "CVE-2025-48989", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48989 is fixed in version 10.1.42-tuxcare.1 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1cb925ee-4c5a-5e3b-a3bf-08e18ea6a07e", "id": "CVE-2025-49125", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2025-49125 does not affect version 10.1.42-tuxcare.1 of org.apache.tomcat:tomcat-util. 10.1.42 is the first fixed release in 10.1.x. The fix is already included in 10.1.42." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1acf87bd-3676-5e6d-ac44-2758a9caeafe", "id": "CVE-2025-52520", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-52520 is fixed in version 10.1.42-tuxcare.1 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b44d1b07-a37a-561e-9cb5-ef31f5dea2ee", "id": "CVE-2025-53506", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-53506 is fixed in version 10.1.42-tuxcare.1 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7456e863-b92f-567b-a3cd-fc4963f661b6", "id": "CVE-2025-55752", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55752 is fixed in version 10.1.42-tuxcare.1 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6b5d6bb7-4538-514a-bdd8-f03628f349d3", "id": "CVE-2025-55754", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55754 is fixed in version 10.1.42-tuxcare.1 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:dffa181b-46e7-5de4-bad3-4bc870ba2ef0", "id": "CVE-2025-61795", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-61795 is fixed in version 10.1.42-tuxcare.1 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b55da950-8722-5c62-8f03-72c4ff149eec", "id": "CVE-2025-66614", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-66614 affects version 10.1.42-tuxcare.1 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3f3e18af-1830-5f47-847e-8bd3c8d730dc", "id": "CVE-2026-24733", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24733 affects version 10.1.42-tuxcare.1 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:653138b9-a1cc-50f8-8fed-ba44fa87453a", "id": "CVE-2026-24734", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24734 affects version 10.1.42-tuxcare.1 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8fd0bf61-094d-591c-83f8-6cc73f6daa64", "id": "CVE-2026-24880", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24880 affects version 10.1.42-tuxcare.1 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3ea2971a-c8fd-5e2c-b0d7-2f2d26633642", "id": "CVE-2026-25854", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-25854 affects version 10.1.42-tuxcare.1 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b57eb2c8-edcc-5bd8-b772-900a6809dc13", "id": "CVE-2026-29145", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-29145 affects version 10.1.42-tuxcare.1 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:064fe5a8-9749-5592-b7c2-d5f2e7376ebd", "id": "CVE-2026-29146", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-29146 affects version 10.1.42-tuxcare.1 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6530b5f7-d134-56c2-876b-3fdabd6388bf", "id": "CVE-2026-32990", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-32990 affects version 10.1.42-tuxcare.1 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b95ecd7c-9c29-55b7-a410-2117b579d9dd", "id": "CVE-2026-34483", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34483 affects version 10.1.42-tuxcare.1 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b1b85a0b-ea9b-5f29-ad30-8ea78709ab35", "id": "CVE-2026-34487", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34487 affects version 10.1.42-tuxcare.1 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:cebeffe3-4fa5-520b-b8f9-fadfc8c8d70f", "id": "CVE-2026-34500", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34500 affects version 10.1.42-tuxcare.1 of org.apache.tomcat:tomcat-util." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@10.1.42-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-util@10.1.42-tuxcare.1" } ] }