{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:c7ad32c4-86f4-5e4f-a0dc-605dc1221864", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.tomcat/tomcat-jasper-el@9.0.90-tuxcare.8", "type": "library", "group": "org.apache.tomcat", "name": "tomcat-jasper-el", "version": "9.0.90-tuxcare.8", "purl": "pkg:maven/org.apache.tomcat/tomcat-jasper-el@9.0.90-tuxcare.8" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:8e1955f5-ed8a-534b-859d-0035bcb0ed9f", "id": "CVE-2020-11996", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-11996 affects version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-jasper-el." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jasper-el@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:22efa0ca-f5c0-52d3-bad2-a8fdf9ba5dba", "id": "CVE-2020-13934", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-13934 affects version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-jasper-el." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jasper-el@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:a4184642-e826-532c-8a81-89d2c0ba1cbd", "id": "CVE-2020-13943", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2020-13943 does not affect version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-jasper-el. Fix for CVE-202-13943 for this version has been already backported by the original developers, so brunch 9.0.90 is not vulnerable" }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jasper-el@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:83cf35a4-6d1b-5e18-8e5b-d840c4e7168f", "id": "CVE-2020-9484", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-9484 affects version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-jasper-el." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jasper-el@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:512ab1cf-3ad0-5ec2-9e81-aa80f4036544", "id": "CVE-2021-24122", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-24122 affects version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-jasper-el." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jasper-el@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:9dff2c4e-732b-55e2-be3f-5188a79c7b49", "id": "CVE-2021-42340", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2021-42340 does not affect version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-jasper-el. Patches already applied: 31d62426645824bdfe076a0c0eafa904d90b4fb9 (already in target via 80f1438ec4 'Close WebConnection', a37a6d312c 'Fix BZ 68884 - improve handling of large scale WebSocket disconnects')" }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jasper-el@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:539729c4-ec0a-5ce5-a2b6-b96208306126", "id": "CVE-2022-34305", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-34305 affects version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-jasper-el." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jasper-el@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:c34403ac-811b-59bc-8d6e-91b372a045b1", "id": "CVE-2022-45143", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-45143 affects version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-jasper-el." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jasper-el@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:f954943f-c613-5010-b344-5d0b31778465", "id": "CVE-2024-23672", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-23672 affects version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-jasper-el." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jasper-el@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:f27264f0-4039-5989-944e-92735e793c51", "id": "CVE-2024-24549", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-24549 affects version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-jasper-el." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jasper-el@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:5a54a990-da88-5789-98b5-3bbcdd23903e", "id": "CVE-2024-50379", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-50379 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-jasper-el." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jasper-el@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:c622c891-5659-5db8-b5b1-fb31e899d43d", "id": "CVE-2024-52316", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-52316 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-jasper-el." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jasper-el@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:dd60cf67-b819-5ed0-8890-918147b77cdd", "id": "CVE-2024-54677", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-54677 affects version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-jasper-el." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jasper-el@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:a5b6a474-10f4-5dc6-a7be-a0cabecc5b23", "id": "CVE-2024-56337", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2024-56337 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-jasper-el." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jasper-el@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:96edbd31-d757-5771-ba20-fa5f011a22af", "id": "CVE-2025-24813", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-24813 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-jasper-el." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jasper-el@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:43b9bffe-7569-5eb5-a032-baf1598b8625", "id": "CVE-2025-31650", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-31650 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-jasper-el." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jasper-el@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:11b0f6e1-3fe2-5ee9-817a-78bd1962b1b7", "id": "CVE-2025-31651", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-31651 affects version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-jasper-el." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jasper-el@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:94263714-7af0-5246-89e4-638d3695cd69", "id": "CVE-2025-46701", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-46701 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-jasper-el." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jasper-el@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:948f2c5c-cad6-528f-a959-b79bc66b920e", "id": "CVE-2025-48988", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48988 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-jasper-el." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jasper-el@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:dadc66c8-4064-5fb8-93b4-dd4fb3e0f605", "id": "CVE-2025-48989", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-48989 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-jasper-el." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jasper-el@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:ad1ee82f-6c65-55da-a376-acce09a863b4", "id": "CVE-2025-49124", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-49124 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-jasper-el." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jasper-el@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:361cb689-0bda-599c-af98-61545d5607ea", "id": "CVE-2025-49125", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-49125 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-jasper-el." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jasper-el@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:a031111d-eae5-57c7-87a8-2d39b8b33d33", "id": "CVE-2025-52434", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-52434 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-jasper-el." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jasper-el@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:b83268e1-4703-5590-be64-8a2a6e610572", "id": "CVE-2025-52520", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-52520 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-jasper-el." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jasper-el@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:113f3327-fa3a-51d8-93bc-a566425f0bb1", "id": "CVE-2025-53506", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-53506 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-jasper-el." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jasper-el@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:08f15d3e-952c-599d-8de7-c8a8689c571d", "id": "CVE-2025-55668", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55668 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-jasper-el." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jasper-el@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:92902e25-3ae9-56ba-bb7b-6dec33479d6b", "id": "CVE-2025-55752", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-55752 affects version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-jasper-el." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jasper-el@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:026dab9f-a42c-5e19-a90d-22e49f37c96a", "id": "CVE-2025-55754", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-55754 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-jasper-el." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jasper-el@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:f8938680-065b-5776-89d2-a2415a6ae152", "id": "CVE-2025-61795", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-61795 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-jasper-el." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jasper-el@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:d699248a-f3dc-50d1-b4ab-c1c4671386bc", "id": "CVE-2025-66614", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-66614 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-jasper-el." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jasper-el@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:713673cf-3d1e-524e-997b-8c820b5107b6", "id": "CVE-2026-24733", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-24733 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-jasper-el." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jasper-el@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:58c1c03b-cd5f-5e52-a898-f41810394751", "id": "CVE-2026-24734", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24734 affects version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-jasper-el." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jasper-el@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:7305ec38-a01d-563f-a6fa-0873d796fdb4", "id": "CVE-2026-24880", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-24880 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-jasper-el." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jasper-el@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:052e23ad-3b53-55ad-82ba-a704acb7e07a", "id": "CVE-2026-25854", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-25854 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-jasper-el." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jasper-el@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:24a10e3c-1828-5473-95d7-65e0b73fa6a1", "id": "CVE-2026-29145", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-29145 affects version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-jasper-el." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jasper-el@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:65784e1f-b2d9-599b-a3a7-06326a562230", "id": "CVE-2026-29146", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-29146 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-jasper-el." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jasper-el@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:92aaaced-8e71-5b58-b74c-c136766532b4", "id": "CVE-2026-32990", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-32990 affects version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-jasper-el." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jasper-el@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:153dd032-0262-5ce6-a2c0-f75f0f2e5a37", "id": "CVE-2026-34483", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-34483 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-jasper-el." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jasper-el@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:b57ed866-8d80-5eb5-aa02-d24dba8f462e", "id": "CVE-2026-34486", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-34486 affects version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-jasper-el." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jasper-el@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:3fca9fbd-1fd7-53ed-b5df-8b0df93f675d", "id": "CVE-2026-34487", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-34487 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-jasper-el." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jasper-el@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:45dd5a28-42fb-58ae-bc92-bf9ec9848cf4", "id": "CVE-2026-41284", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41284 affects version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-jasper-el." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jasper-el@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:d4f6f7ee-aec1-59f7-934c-609ffb4b9f08", "id": "CVE-2026-41293", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41293 affects version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-jasper-el." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jasper-el@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:b0aa8531-77e9-575d-a634-3670d72fbc02", "id": "CVE-2026-42498", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-42498 affects version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-jasper-el." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jasper-el@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:264dde4c-cdd4-51a3-995d-3400d258a43c", "id": "CVE-2026-43512", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-43512 affects version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-jasper-el." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jasper-el@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:cf95d4a5-6014-515d-ac7a-75d6385f63a1", "id": "CVE-2026-43513", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-43513 affects version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-jasper-el." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jasper-el@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:145c8aca-4808-5907-b6ef-b4f8be557fe4", "id": "CVE-2026-43514", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-43514 affects version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-jasper-el." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jasper-el@9.0.90-tuxcare.8" } ] }, { "bom-ref": "urn:uuid:3b26e433-1399-56be-9ac4-e8a85f4d4f09", "id": "CVE-2026-43515", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-43515 affects version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-jasper-el." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jasper-el@9.0.90-tuxcare.8" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jasper-el@9.0.90-tuxcare.8" } ] }