{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:2493f0ae-bb8d-5a02-9ac0-7fa44724c89d", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.tomcat/tomcat-websocket-client-api@10.1.42-tuxcare.1", "type": "library", "group": "org.apache.tomcat", "name": "tomcat-websocket-client-api", "version": "10.1.42-tuxcare.1", "purl": "pkg:maven/org.apache.tomcat/tomcat-websocket-client-api@10.1.42-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:c908c903-6107-5f3d-8287-8ca183aeb961", "id": "CVE-2024-23672", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2024-23672 does not affect version 10.1.42-tuxcare.1 of org.apache.tomcat:tomcat-websocket-client-api. Tomcat 10.1.42 is not vulnerable because CVE-2024-23672 is fixed in 10.1.19 and affects only 10.1.0-M1 through 10.1.18, and 10.1.42 is later than 10.1.19." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket-client-api@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:afafd019-2d0e-5d22-83f3-a07aa329bdfb", "id": "CVE-2024-24549", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2024-24549 does not affect version 10.1.42-tuxcare.1 of org.apache.tomcat:tomcat-websocket-client-api. 10.1.42 is not vulnerable. The issue is fixed in 10.1.19, and 10.1.42 is later than 10.1.19, so this version already includes the fix." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket-client-api@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1fd1a3b6-0cfb-5c20-9fff-2c2270dcee76", "id": "CVE-2024-52316", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-52316 affects version 10.1.42-tuxcare.1 of org.apache.tomcat:tomcat-websocket-client-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket-client-api@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:04845488-2377-5663-8474-f4509a858174", "id": "CVE-2025-48988", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2025-48988 does not affect version 10.1.42-tuxcare.1 of org.apache.tomcat:tomcat-websocket-client-api. 10.1.42 is the first fixed release in 10.1.x. The fix is already included in 10.1.42." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket-client-api@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9d437667-3213-5111-be5b-209b7d3bdb2e", "id": "CVE-2025-48989", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48989 is fixed in version 10.1.42-tuxcare.1 of org.apache.tomcat:tomcat-websocket-client-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket-client-api@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b33b7d01-64fb-5f49-bb22-84e74960581a", "id": "CVE-2025-49125", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2025-49125 does not affect version 10.1.42-tuxcare.1 of org.apache.tomcat:tomcat-websocket-client-api. 10.1.42 is the first fixed release in 10.1.x. The fix is already included in 10.1.42." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket-client-api@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:640c29c8-7d45-5ab2-90f6-5dff573822f7", "id": "CVE-2025-52520", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-52520 is fixed in version 10.1.42-tuxcare.1 of org.apache.tomcat:tomcat-websocket-client-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket-client-api@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3f25c379-0d53-5414-be1b-7ed7c6d74cc2", "id": "CVE-2025-53506", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-53506 is fixed in version 10.1.42-tuxcare.1 of org.apache.tomcat:tomcat-websocket-client-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket-client-api@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b646ae09-8d54-5dba-97fb-f6e364241fd2", "id": "CVE-2025-55752", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55752 is fixed in version 10.1.42-tuxcare.1 of org.apache.tomcat:tomcat-websocket-client-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket-client-api@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fa2bbd94-5b82-558d-8406-6e007f8f518f", "id": "CVE-2025-55754", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55754 is fixed in version 10.1.42-tuxcare.1 of org.apache.tomcat:tomcat-websocket-client-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket-client-api@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6072c81b-a92d-522a-9a64-e72e3db5be7b", "id": "CVE-2025-61795", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-61795 is fixed in version 10.1.42-tuxcare.1 of org.apache.tomcat:tomcat-websocket-client-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket-client-api@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7968b48a-4850-5260-8a26-472b62054067", "id": "CVE-2025-66614", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-66614 affects version 10.1.42-tuxcare.1 of org.apache.tomcat:tomcat-websocket-client-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket-client-api@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e77ad5a0-0a95-5aef-a7c4-88af055fca1f", "id": "CVE-2026-24733", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24733 affects version 10.1.42-tuxcare.1 of org.apache.tomcat:tomcat-websocket-client-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket-client-api@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2932500c-ae3c-5f3e-83ef-d170c9230299", "id": "CVE-2026-24734", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24734 affects version 10.1.42-tuxcare.1 of org.apache.tomcat:tomcat-websocket-client-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket-client-api@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ec112b05-f07b-5d1f-97fe-3db1713bad0e", "id": "CVE-2026-24880", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24880 affects version 10.1.42-tuxcare.1 of org.apache.tomcat:tomcat-websocket-client-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket-client-api@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:76a44a06-4201-5171-a31f-01086d0af83a", "id": "CVE-2026-25854", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-25854 affects version 10.1.42-tuxcare.1 of org.apache.tomcat:tomcat-websocket-client-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket-client-api@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:419572f9-b2d6-5f61-a20b-a81b0682b8b9", "id": "CVE-2026-29145", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-29145 affects version 10.1.42-tuxcare.1 of org.apache.tomcat:tomcat-websocket-client-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket-client-api@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fdc016ed-97bd-5889-bfa3-fa69806c46ea", "id": "CVE-2026-29146", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-29146 affects version 10.1.42-tuxcare.1 of org.apache.tomcat:tomcat-websocket-client-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket-client-api@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:dd43a50b-8cf3-560b-9d04-52ed6820e558", "id": "CVE-2026-32990", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-32990 affects version 10.1.42-tuxcare.1 of org.apache.tomcat:tomcat-websocket-client-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket-client-api@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7ea9c423-da96-580e-a965-1abc20d87b47", "id": "CVE-2026-34483", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34483 affects version 10.1.42-tuxcare.1 of org.apache.tomcat:tomcat-websocket-client-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket-client-api@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b9ed6fb0-31a3-5fa9-8393-b6b67ae1edb6", "id": "CVE-2026-34487", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34487 affects version 10.1.42-tuxcare.1 of org.apache.tomcat:tomcat-websocket-client-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket-client-api@10.1.42-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8bf9f819-b51d-5deb-97c5-2d7b92c64d64", "id": "CVE-2026-34500", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34500 affects version 10.1.42-tuxcare.1 of org.apache.tomcat:tomcat-websocket-client-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket-client-api@10.1.42-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-websocket-client-api@10.1.42-tuxcare.1" } ] }