{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:9895281b-9f8e-5d10-bb75-63f9dcaf5a62", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-websocket@10.1.42-tuxcare.2", "type": "library", "group": "org.apache.tomcat.embed", "name": "tomcat-embed-websocket", "version": "10.1.42-tuxcare.2", "purl": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-websocket@10.1.42-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:8a44ba8e-0af4-503b-9d57-366d51241224", "id": "CVE-2024-23672", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2024-23672 does not affect version 10.1.42-tuxcare.2 of org.apache.tomcat.embed:tomcat-embed-websocket. Tomcat 10.1.42 is not vulnerable because CVE-2024-23672 is fixed in 10.1.19 and affects only 10.1.0-M1 through 10.1.18, and 10.1.42 is later than 10.1.19." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-websocket@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:a5e3414a-7b5f-5428-a447-0c4fe4889170", "id": "CVE-2024-24549", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2024-24549 does not affect version 10.1.42-tuxcare.2 of org.apache.tomcat.embed:tomcat-embed-websocket. 10.1.42 is not vulnerable. The issue is fixed in 10.1.19, and 10.1.42 is later than 10.1.19, so this version already includes the fix." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-websocket@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5a92a3b1-a565-5c25-8247-1ca3e39a55ec", "id": "CVE-2024-52316", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-52316 affects version 10.1.42-tuxcare.2 of org.apache.tomcat.embed:tomcat-embed-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-websocket@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:789a0233-13fe-5bab-abf0-124f7a2227bd", "id": "CVE-2025-48988", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2025-48988 does not affect version 10.1.42-tuxcare.2 of org.apache.tomcat.embed:tomcat-embed-websocket. 10.1.42 is the first fixed release in 10.1.x. The fix is already included in 10.1.42." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-websocket@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:67512663-7c37-5b01-a282-dd6b209c69cd", "id": "CVE-2025-48989", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48989 is fixed in version 10.1.42-tuxcare.2 of org.apache.tomcat.embed:tomcat-embed-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-websocket@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:303f3694-04aa-535d-b109-d2cf5b86f4b3", "id": "CVE-2025-49125", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2025-49125 does not affect version 10.1.42-tuxcare.2 of org.apache.tomcat.embed:tomcat-embed-websocket. 10.1.42 is the first fixed release in 10.1.x. The fix is already included in 10.1.42." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-websocket@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:bf14a2e3-d9f9-59dd-8605-1296e41c78b3", "id": "CVE-2025-52520", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-52520 is fixed in version 10.1.42-tuxcare.2 of org.apache.tomcat.embed:tomcat-embed-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-websocket@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:178ed9c9-8c6f-5778-a465-36d3e46ce467", "id": "CVE-2025-53506", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-53506 is fixed in version 10.1.42-tuxcare.2 of org.apache.tomcat.embed:tomcat-embed-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-websocket@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4e08def2-61f9-50ed-824e-84da1b10ea35", "id": "CVE-2025-55752", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55752 is fixed in version 10.1.42-tuxcare.2 of org.apache.tomcat.embed:tomcat-embed-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-websocket@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1f345707-bf77-5821-a91a-0da6159718b1", "id": "CVE-2025-55754", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55754 is fixed in version 10.1.42-tuxcare.2 of org.apache.tomcat.embed:tomcat-embed-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-websocket@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:26604039-f010-5cf8-a6bf-171e16286918", "id": "CVE-2025-61795", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-61795 is fixed in version 10.1.42-tuxcare.2 of org.apache.tomcat.embed:tomcat-embed-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-websocket@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:af680f62-88ae-50bd-b69f-da3fda8c104f", "id": "CVE-2025-66614", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-66614 is fixed in version 10.1.42-tuxcare.2 of org.apache.tomcat.embed:tomcat-embed-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-websocket@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6f49fbed-0156-54f9-a089-ec49883516be", "id": "CVE-2026-24733", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24733 affects version 10.1.42-tuxcare.2 of org.apache.tomcat.embed:tomcat-embed-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-websocket@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6dad1585-b67c-5e0e-831d-73034745d49b", "id": "CVE-2026-24734", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24734 affects version 10.1.42-tuxcare.2 of org.apache.tomcat.embed:tomcat-embed-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-websocket@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:32fdcb7c-ceb9-50a4-a406-a60113bda4ec", "id": "CVE-2026-24880", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-24880 is fixed in version 10.1.42-tuxcare.2 of org.apache.tomcat.embed:tomcat-embed-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-websocket@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:4e4907d7-4a2e-5807-a45f-e231331f5b63", "id": "CVE-2026-25854", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-25854 is fixed in version 10.1.42-tuxcare.2 of org.apache.tomcat.embed:tomcat-embed-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-websocket@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:36bb206c-f576-59dc-9004-3ec36a7ab69f", "id": "CVE-2026-29145", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-29145 affects version 10.1.42-tuxcare.2 of org.apache.tomcat.embed:tomcat-embed-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-websocket@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:0af2ef60-070b-5da9-81b3-19ca5e5b9822", "id": "CVE-2026-29146", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-29146 affects version 10.1.42-tuxcare.2 of org.apache.tomcat.embed:tomcat-embed-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-websocket@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:db88365f-7ac9-5833-82ed-fbd2fbbe51d7", "id": "CVE-2026-32990", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-32990 affects version 10.1.42-tuxcare.2 of org.apache.tomcat.embed:tomcat-embed-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-websocket@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:161b3683-3b51-5f3f-b95f-72807d367df4", "id": "CVE-2026-34483", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-34483 is fixed in version 10.1.42-tuxcare.2 of org.apache.tomcat.embed:tomcat-embed-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-websocket@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e438c364-5cd9-5db0-ab44-fd10aad8d2cc", "id": "CVE-2026-34486", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34486 affects version 10.1.42-tuxcare.2 of org.apache.tomcat.embed:tomcat-embed-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-websocket@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5216cbb1-1487-5edd-b006-5584c9a73da7", "id": "CVE-2026-34487", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34487 affects version 10.1.42-tuxcare.2 of org.apache.tomcat.embed:tomcat-embed-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-websocket@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1647112f-6842-59d7-b184-eacaa10ffb05", "id": "CVE-2026-34500", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34500 affects version 10.1.42-tuxcare.2 of org.apache.tomcat.embed:tomcat-embed-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-websocket@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b0d3dd50-1677-5947-aea6-97dbe23a6ce7", "id": "CVE-2026-41284", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41284 affects version 10.1.42-tuxcare.2 of org.apache.tomcat.embed:tomcat-embed-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-websocket@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:82e16262-a8b4-55d0-8d7f-b6fa703dfab4", "id": "CVE-2026-41293", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41293 affects version 10.1.42-tuxcare.2 of org.apache.tomcat.embed:tomcat-embed-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-websocket@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:63be9389-c393-5e3d-a205-1a77a540c83d", "id": "CVE-2026-42498", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-42498 affects version 10.1.42-tuxcare.2 of org.apache.tomcat.embed:tomcat-embed-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-websocket@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:6ed92c19-acf6-514a-bc98-5802fee8d449", "id": "CVE-2026-43512", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-43512 affects version 10.1.42-tuxcare.2 of org.apache.tomcat.embed:tomcat-embed-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-websocket@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fac41c6a-ccdd-5404-8b1d-c5d12d269229", "id": "CVE-2026-43513", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-43513 affects version 10.1.42-tuxcare.2 of org.apache.tomcat.embed:tomcat-embed-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-websocket@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:24299c83-e363-5f8c-86c3-3cfde0ff636e", "id": "CVE-2026-43514", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-43514 affects version 10.1.42-tuxcare.2 of org.apache.tomcat.embed:tomcat-embed-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-websocket@10.1.42-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3d3762b7-6b7c-5259-8772-826b27a0c63d", "id": "CVE-2026-43515", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-43515 affects version 10.1.42-tuxcare.2 of org.apache.tomcat.embed:tomcat-embed-websocket." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-websocket@10.1.42-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-websocket@10.1.42-tuxcare.2" } ] }