{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:b75cbc38-7a8b-5a08-b9d9-b1350f617ee4", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.tomcat/tomcat-dbcp@7.0.109-tuxcare.1", "type": "library", "group": "org.apache.tomcat", "name": "tomcat-dbcp", "version": "7.0.109-tuxcare.1", "purl": "pkg:maven/org.apache.tomcat/tomcat-dbcp@7.0.109-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:30840be4-933f-549d-bdb5-949cbc08b4ba", "id": "CVE-2013-4590", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4590 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-dbcp." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-dbcp@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b1af41dd-7458-53db-a2d8-548c3c7bd052", "id": "CVE-2015-5174", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2015-5174 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-dbcp." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-dbcp@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:593e176a-ab69-5260-9721-9d4f9f42a190", "id": "CVE-2015-5346", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2015-5346 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-dbcp." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-dbcp@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:64a6febe-7ec9-5be3-8965-440340cf958f", "id": "CVE-2016-0706", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-0706 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-dbcp." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-dbcp@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:38d0e3be-8286-5cb8-8ccb-1abe5fd6a463", "id": "CVE-2016-0762", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-0762 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-dbcp." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-dbcp@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:82d86ab8-64bd-5c8a-9fb3-110ffa98c652", "id": "CVE-2016-0763", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-0763 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-dbcp." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-dbcp@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:243afc12-278e-5742-80e2-d46eed551e61", "id": "CVE-2016-5018", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-5018 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-dbcp." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-dbcp@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2feef253-f017-5b0d-911f-f3a785a90ccc", "id": "CVE-2016-6794", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-6794 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-dbcp." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-dbcp@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4439640a-efbd-520e-a27a-0f6febd77401", "id": "CVE-2016-6796", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-6796 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-dbcp." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-dbcp@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:3fb1cec8-5f87-5bc0-9475-093ab06b5d1b", "id": "CVE-2016-6797", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-6797 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-dbcp." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-dbcp@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ed45e353-6b11-512b-a9bf-a5863e997956", "id": "CVE-2016-6816", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-6816 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-dbcp." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-dbcp@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7b561390-3415-539c-bd0c-8adb7a93840b", "id": "CVE-2016-6817", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-6817 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-dbcp." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-dbcp@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fec2592a-6cd4-54d7-a300-39cd06a3ca78", "id": "CVE-2016-8745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8745 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-dbcp." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-dbcp@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6224636f-dad4-56e7-ae70-725d403ce5bc", "id": "CVE-2016-8747", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8747 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-dbcp." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-dbcp@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:43c1e9b7-bb51-52f2-a9a0-d574fa184377", "id": "CVE-2017-12617", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-12617 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-dbcp." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-dbcp@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:334df7e7-80f9-5d75-867d-911b5baa9db4", "id": "CVE-2017-5647", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-5647 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-dbcp." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-dbcp@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b6fd3ad5-2623-550d-92a4-701cbbcf1f25", "id": "CVE-2017-5648", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-5648 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-dbcp." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-dbcp@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8ea09fa6-b76b-55bf-9ff9-f249c8a2b7d1", "id": "CVE-2017-5650", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-5650 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-dbcp." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-dbcp@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:eeb28433-c7ce-5c72-a860-4b5c28b9e1d7", "id": "CVE-2017-5651", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-5651 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-dbcp." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-dbcp@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:cff547cd-27c2-5c60-a711-f788f5d40357", "id": "CVE-2017-5664", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-5664 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-dbcp." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-dbcp@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:145f8506-2a6f-5e1d-9fe3-9fb51a9760e3", "id": "CVE-2017-7674", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-7674 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-dbcp." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-dbcp@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:50f7ea24-e59e-5323-9ad6-c4f59a4b51a0", "id": "CVE-2017-7675", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-7675 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-dbcp." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-dbcp@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:682a3b80-96a0-5e3c-9f65-6c4ac0f94fc3", "id": "CVE-2018-1304", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1304 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-dbcp." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-dbcp@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1d9f98bf-47d8-566e-840f-06686d39779f", "id": "CVE-2018-1305", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1305 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-dbcp." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-dbcp@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:97c06a9b-0a97-5824-ae62-7b5fccc70fe6", "id": "CVE-2018-1336", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1336 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-dbcp." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-dbcp@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:057a0c30-1c5e-5895-a146-a5041fccbc5d", "id": "CVE-2018-8014", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-8014 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-dbcp." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-dbcp@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a3e24734-6b61-510e-b548-29d0a518aefe", "id": "CVE-2018-8034", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-8034 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-dbcp." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-dbcp@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:521485ed-f1ed-5e15-9e73-108ec8edc4d2", "id": "CVE-2019-12418", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-12418 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-dbcp." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-dbcp@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:88fe7c40-9e13-575e-87d3-d7dd0537c3d3", "id": "CVE-2020-11996", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-11996 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-dbcp." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-dbcp@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:498d234c-4515-52a7-8585-bbdf85c45de0", "id": "CVE-2020-13934", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-13934 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-dbcp." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-dbcp@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c00c422f-33c7-589f-a1d3-120817746259", "id": "CVE-2020-13943", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-13943 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-dbcp." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-dbcp@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d740ce33-6d6e-536c-aca4-96962b16645b", "id": "CVE-2020-9484", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-9484 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-dbcp." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-dbcp@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:654f39e3-29c5-5997-927c-1ee518be3611", "id": "CVE-2021-24122", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-24122 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-dbcp." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-dbcp@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e0850d02-fc28-53b5-a993-aedfdf476bec", "id": "CVE-2021-30639", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-30639 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-dbcp." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-dbcp@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9e5a7739-474b-5828-8208-d4a9e3199b10", "id": "CVE-2021-42340", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-42340 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-dbcp." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-dbcp@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:1cd71837-34c3-54fb-a3bf-e690ad936402", "id": "CVE-2022-23181", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-23181 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-dbcp." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-dbcp@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:bac03913-0dc4-5c02-b4cb-c413d811cc55", "id": "CVE-2022-34305", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-34305 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-dbcp." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-dbcp@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:420959a4-38a2-5c16-95f0-147a54fd0062", "id": "CVE-2022-45143", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-45143 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-dbcp." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-dbcp@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b40c7734-4395-5049-b93d-eb6138d7f58c", "id": "CVE-2024-24549", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-24549 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-dbcp." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-dbcp@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8ef39071-8315-506c-9774-2f6de8d21dbb", "id": "CVE-2024-38286", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38286 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-dbcp." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-dbcp@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fee81550-de70-5389-ad03-8bb247a0727c", "id": "CVE-2024-52316", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-52316 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-dbcp." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-dbcp@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e50df6ec-2c06-5474-8ce9-d8ec212a91dc", "id": "CVE-2025-31650", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-31650 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-dbcp." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-dbcp@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:731cc7fc-6fba-5ab9-9373-1f087650e9f3", "id": "CVE-2025-31651", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-31651 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-dbcp." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-dbcp@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:913a572b-c04b-55d6-a8e2-092757300c8f", "id": "CVE-2025-48988", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-48988 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-dbcp." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-dbcp@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9eea8c67-2ec4-5aa6-877f-c400677874cb", "id": "CVE-2025-49125", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-49125 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-dbcp." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-dbcp@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0c0e31a8-55b1-5f4c-993b-07425a2afd79", "id": "CVE-2025-66614", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-66614 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-dbcp." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-dbcp@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:024695fa-d9ab-56fa-a620-ae3bbe04ddee", "id": "CVE-2026-24733", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24733 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-dbcp." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-dbcp@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a31df6ce-a5d1-5a1c-bb8b-e2cb7f639c98", "id": "CVE-2026-24880", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-24880 is fixed in version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-dbcp." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-dbcp@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a1c39963-3f4e-50cc-b512-b87c6f4e92d1", "id": "CVE-2026-29145", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-29145 does not affect version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-dbcp. The official CVE record (https://www.cve.org/CVERecord?id=CVE-2026-29145) limits the affected versions to Apache Tomcat 9.0.13\u20139.0.115, 10.1.0-M7\u201310.1.52, and 11.0.0-M1\u201311.0.18. Version 7.0.109 is not within any of these ranges" }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-dbcp@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6bb0c2e5-351a-5388-9bae-8f3bed3e3d45", "id": "CVE-2026-29146", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-29146 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-dbcp." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-dbcp@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b3fcc404-504d-509d-8eac-501cc316342d", "id": "CVE-2026-32990", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-32990 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-dbcp." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-dbcp@7.0.109-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-dbcp@7.0.109-tuxcare.1" } ] }