{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:c1dd8fc3-7e44-5254-9f36-a2ef00382080", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@10.1.42-tuxcare.3", "type": "library", "group": "org.apache.tomcat", "name": "tomcat-jsp-api", "version": "10.1.42-tuxcare.3", "purl": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@10.1.42-tuxcare.3" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:561b317f-df3e-50eb-bf3b-247d4ea5ab6b", "id": "CVE-2024-23672", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2024-23672 does not affect version 10.1.42-tuxcare.3 of org.apache.tomcat:tomcat-jsp-api. Tomcat 10.1.42 is not vulnerable because CVE-2024-23672 is fixed in 10.1.19 and affects only 10.1.0-M1 through 10.1.18, and 10.1.42 is later than 10.1.19." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@10.1.42-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e87c078c-4d13-5bc9-9faf-a219c58d1ddc", "id": "CVE-2024-24549", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2024-24549 does not affect version 10.1.42-tuxcare.3 of org.apache.tomcat:tomcat-jsp-api. 10.1.42 is not vulnerable. The issue is fixed in 10.1.19, and 10.1.42 is later than 10.1.19, so this version already includes the fix." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@10.1.42-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:e25f7d2e-47e6-5e4c-8477-41cfd8add932", "id": "CVE-2024-52316", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-52316 affects version 10.1.42-tuxcare.3 of org.apache.tomcat:tomcat-jsp-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@10.1.42-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:67ca8474-4a9e-596d-9608-88efb8baba5b", "id": "CVE-2025-48988", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2025-48988 does not affect version 10.1.42-tuxcare.3 of org.apache.tomcat:tomcat-jsp-api. 10.1.42 is the first fixed release in 10.1.x. The fix is already included in 10.1.42." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@10.1.42-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:c3004de0-862e-5e02-b0cb-cc2543d7f37f", "id": "CVE-2025-48989", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48989 is fixed in version 10.1.42-tuxcare.3 of org.apache.tomcat:tomcat-jsp-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@10.1.42-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:8fe09af3-790c-569c-94db-4aeb19ca79cf", "id": "CVE-2025-49125", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2025-49125 does not affect version 10.1.42-tuxcare.3 of org.apache.tomcat:tomcat-jsp-api. 10.1.42 is the first fixed release in 10.1.x. The fix is already included in 10.1.42." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@10.1.42-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:126befb5-b9a3-5785-ac48-2b21d90760bc", "id": "CVE-2025-52520", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-52520 is fixed in version 10.1.42-tuxcare.3 of org.apache.tomcat:tomcat-jsp-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@10.1.42-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:53dc3ea3-7df5-550b-ab07-1e682502556c", "id": "CVE-2025-53506", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-53506 is fixed in version 10.1.42-tuxcare.3 of org.apache.tomcat:tomcat-jsp-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@10.1.42-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:0f6b2d99-f381-5c53-a31f-bc1b66ec30fe", "id": "CVE-2025-55752", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55752 is fixed in version 10.1.42-tuxcare.3 of org.apache.tomcat:tomcat-jsp-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@10.1.42-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:7bc133e0-c5bc-56d7-bd0a-f41dec9c2cf1", "id": "CVE-2025-55754", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55754 is fixed in version 10.1.42-tuxcare.3 of org.apache.tomcat:tomcat-jsp-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@10.1.42-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b926be9f-97fa-5277-b1e4-d4814994d9ad", "id": "CVE-2025-61795", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-61795 is fixed in version 10.1.42-tuxcare.3 of org.apache.tomcat:tomcat-jsp-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@10.1.42-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:921e5cea-0401-5f14-8235-9b984b6f5ab1", "id": "CVE-2025-66614", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-66614 is fixed in version 10.1.42-tuxcare.3 of org.apache.tomcat:tomcat-jsp-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@10.1.42-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:dce1c2a3-9134-5160-a046-89024a3a550f", "id": "CVE-2026-24733", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24733 affects version 10.1.42-tuxcare.3 of org.apache.tomcat:tomcat-jsp-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@10.1.42-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:a4b2b6e6-91c1-5fa7-8172-0e683e6e21d0", "id": "CVE-2026-24734", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24734 affects version 10.1.42-tuxcare.3 of org.apache.tomcat:tomcat-jsp-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@10.1.42-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9b0261db-65d8-5f11-b242-5d8fedfd5851", "id": "CVE-2026-24880", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-24880 is fixed in version 10.1.42-tuxcare.3 of org.apache.tomcat:tomcat-jsp-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@10.1.42-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:afc7f567-e19f-5421-8225-877a0094ee33", "id": "CVE-2026-25854", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-25854 is fixed in version 10.1.42-tuxcare.3 of org.apache.tomcat:tomcat-jsp-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@10.1.42-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:97f0cddd-101a-52dd-98b0-3a616e8b63e7", "id": "CVE-2026-29145", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-29145 affects version 10.1.42-tuxcare.3 of org.apache.tomcat:tomcat-jsp-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@10.1.42-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:53922833-30b2-52b6-b997-1628d6e7ea05", "id": "CVE-2026-29146", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-29146 affects version 10.1.42-tuxcare.3 of org.apache.tomcat:tomcat-jsp-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@10.1.42-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:059663f2-0ec1-57e0-8853-23f27be37221", "id": "CVE-2026-32990", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-32990 affects version 10.1.42-tuxcare.3 of org.apache.tomcat:tomcat-jsp-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@10.1.42-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:167be46b-45d2-56bf-9977-622d4ea4a641", "id": "CVE-2026-34483", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-34483 is fixed in version 10.1.42-tuxcare.3 of org.apache.tomcat:tomcat-jsp-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@10.1.42-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:9c95ae1c-17af-5e86-b42d-092e7a5090ac", "id": "CVE-2026-34486", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34486 affects version 10.1.42-tuxcare.3 of org.apache.tomcat:tomcat-jsp-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@10.1.42-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:b44c0c98-dea6-5807-a54d-4c99341a377c", "id": "CVE-2026-34487", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-34487 is fixed in version 10.1.42-tuxcare.3 of org.apache.tomcat:tomcat-jsp-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@10.1.42-tuxcare.3" } ] }, { "bom-ref": "urn:uuid:853995b0-dbf1-590e-a643-d80deb1b6e93", "id": "CVE-2026-34500", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34500 affects version 10.1.42-tuxcare.3 of org.apache.tomcat:tomcat-jsp-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@10.1.42-tuxcare.3" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@10.1.42-tuxcare.3" } ] }