{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:bbe43d40-9975-5fcf-b384-486ced4897ec", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.struts/struts-extras@1.3.5-tuxcare.1", "type": "library", "group": "org.apache.struts", "name": "struts-extras", "version": "1.3.5-tuxcare.1", "purl": "pkg:maven/org.apache.struts/struts-extras@1.3.5-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:e60b2d80-75c4-58cf-a9d4-2f9ddd10ecb7", "id": "CVE-2012-0391", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2012-0391 affects version 1.3.5-tuxcare.1 of org.apache.struts:struts-extras." }, "affects": [ { "ref": "pkg:maven/org.apache.struts/struts-extras@1.3.5-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b49665f4-902f-52bb-b592-995957510ff7", "id": "CVE-2012-1007", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2012-1007 is fixed in version 1.3.5-tuxcare.1 of org.apache.struts:struts-extras." }, "affects": [ { "ref": "pkg:maven/org.apache.struts/struts-extras@1.3.5-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8cbb46c4-2411-5847-888e-d5f5e14ceb4b", "id": "CVE-2014-0114", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2014-0114 affects version 1.3.5-tuxcare.1 of org.apache.struts:struts-extras." }, "affects": [ { "ref": "pkg:maven/org.apache.struts/struts-extras@1.3.5-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9d98a24d-d2ab-5d02-abf9-bd96e6422408", "id": "CVE-2015-0899", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2015-0899 is fixed in version 1.3.5-tuxcare.1 of org.apache.struts:struts-extras." }, "affects": [ { "ref": "pkg:maven/org.apache.struts/struts-extras@1.3.5-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b1f097ee-18bd-5b7e-af6a-1ee8612778c8", "id": "CVE-2016-1181", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2016-1181 is fixed in version 1.3.5-tuxcare.1 of org.apache.struts:struts-extras." }, "affects": [ { "ref": "pkg:maven/org.apache.struts/struts-extras@1.3.5-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c2115165-5f93-55f7-88d5-051a8c71860d", "id": "CVE-2016-1182", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2016-1182 is fixed in version 1.3.5-tuxcare.1 of org.apache.struts:struts-extras." }, "affects": [ { "ref": "pkg:maven/org.apache.struts/struts-extras@1.3.5-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e5a8af4f-8e31-5579-9c3e-79542b646237", "id": "CVE-2016-4431", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-4431 affects version 1.3.5-tuxcare.1 of org.apache.struts:struts-extras." }, "affects": [ { "ref": "pkg:maven/org.apache.struts/struts-extras@1.3.5-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:72c644f3-b050-51fa-9446-00448c7d0eea", "id": "CVE-2020-26258", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-26258 affects version 1.3.5-tuxcare.1 of org.apache.struts:struts-extras." }, "affects": [ { "ref": "pkg:maven/org.apache.struts/struts-extras@1.3.5-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9da0d85a-884d-5a11-b74e-624d0b161159", "id": "CVE-2020-26259", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-26259 affects version 1.3.5-tuxcare.1 of org.apache.struts:struts-extras." }, "affects": [ { "ref": "pkg:maven/org.apache.struts/struts-extras@1.3.5-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a011d53b-71df-5a93-9d20-87736b0dd516", "id": "CVE-2023-34149", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-34149 affects version 1.3.5-tuxcare.1 of org.apache.struts:struts-extras." }, "affects": [ { "ref": "pkg:maven/org.apache.struts/struts-extras@1.3.5-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c96602b0-17ae-5c26-ad76-447586dd7c2b", "id": "CVE-2023-34396", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-34396 affects version 1.3.5-tuxcare.1 of org.apache.struts:struts-extras." }, "affects": [ { "ref": "pkg:maven/org.apache.struts/struts-extras@1.3.5-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:514d5f10-ca78-5057-bfd6-ba9f805d2d0a", "id": "CVE-2023-47466", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2023-47466 does not affect version 1.3.5-tuxcare.1 of org.apache.struts:struts-extras. not_affected \u2014 The target repository (Apache Struts 1.3.5-tuxcare.1, a Java web application framework) is not affected by CVE-2023-47466. The CVE describes a vulnerability in TagLib (a C++ audio metadata library) related to RIFF/WAV file processing. These are completely different projects that happen to share the name 'taglib' but serve entirely different purposes: TagLib (C++) processes audio file metadata, ..." }, "affects": [ { "ref": "pkg:maven/org.apache.struts/struts-extras@1.3.5-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d5cae739-e651-5c30-85a9-8ad2032a0a6a", "id": "CVE-2023-49735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2023-49735 affects version 1.3.5-tuxcare.1 of org.apache.struts:struts-extras." }, "affects": [ { "ref": "pkg:maven/org.apache.struts/struts-extras@1.3.5-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:56eabdce-1839-52d8-8cfb-f6a8cf304ce3", "id": "CVE-2025-54656", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-54656 is fixed in version 1.3.5-tuxcare.1 of org.apache.struts:struts-extras." }, "affects": [ { "ref": "pkg:maven/org.apache.struts/struts-extras@1.3.5-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.struts/struts-extras@1.3.5-tuxcare.1" } ] }