{
  "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
  "bomFormat": "CycloneDX",
  "specVersion": "1.6",
  "serialNumber": "urn:uuid:89d9a520-9250-50a2-89eb-4e2680310adf",
  "version": 1,
  "metadata": {
    "tools": [
      {
        "name": "tuxcare-vex-generator",
        "version": "1.0.0"
      }
    ]
  },
  "components": [
    {
      "bom-ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@9.0.90-tuxcare.8",
      "type": "library",
      "group": "org.apache.tomcat",
      "name": "tomcat-jsp-api",
      "version": "9.0.90-tuxcare.8",
      "purl": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@9.0.90-tuxcare.8"
    }
  ],
  "vulnerabilities": [
    {
      "bom-ref": "urn:uuid:75b4da50-e5fc-543a-99df-448608fb0f15",
      "id": "CVE-2020-11996",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2020-11996 affects version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-jsp-api."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@9.0.90-tuxcare.8"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:b458074f-5134-5c90-bf44-206dbf58be48",
      "id": "CVE-2020-13934",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2020-13934 affects version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-jsp-api."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@9.0.90-tuxcare.8"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:2d069895-86fd-5dd9-87ff-c68c497261a4",
      "id": "CVE-2020-13943",
      "analysis": {
        "state": "not_affected",
        "detail": "Vulnerability CVE-2020-13943 does not affect version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-jsp-api. Fix for CVE-202-13943 for this version has been already backported by the original developers, so brunch 9.0.90 is not vulnerable"
      },
      "affects": [
        {
          "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@9.0.90-tuxcare.8"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:7eb9a827-49a5-538c-bca8-531660b40b8f",
      "id": "CVE-2020-9484",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2020-9484 affects version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-jsp-api."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@9.0.90-tuxcare.8"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:6714db7b-be2f-567c-a136-bcf730eb55c5",
      "id": "CVE-2021-24122",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2021-24122 affects version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-jsp-api."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@9.0.90-tuxcare.8"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:20ee37c3-2280-5f0d-8d13-60d005931321",
      "id": "CVE-2021-42340",
      "analysis": {
        "state": "not_affected",
        "detail": "Vulnerability CVE-2021-42340 does not affect version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-jsp-api. Patches already applied: 31d62426645824bdfe076a0c0eafa904d90b4fb9 (already in target via 80f1438ec4 'Close WebConnection', a37a6d312c 'Fix BZ 68884 - improve handling of large scale WebSocket disconnects')"
      },
      "affects": [
        {
          "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@9.0.90-tuxcare.8"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:0b2614f4-1eee-5160-a6ea-cb4c2dfe03d2",
      "id": "CVE-2022-34305",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2022-34305 affects version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-jsp-api."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@9.0.90-tuxcare.8"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:4e6031c7-8e42-58f7-b6e8-25afbde9297a",
      "id": "CVE-2022-45143",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2022-45143 affects version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-jsp-api."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@9.0.90-tuxcare.8"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:ba4a8086-d65c-50a9-ab2c-87a8fab852c9",
      "id": "CVE-2024-23672",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2024-23672 affects version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-jsp-api."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@9.0.90-tuxcare.8"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:244bd430-ed47-5a2e-869d-09dbc9200c75",
      "id": "CVE-2024-24549",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2024-24549 affects version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-jsp-api."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@9.0.90-tuxcare.8"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:a849e2f2-9cdd-5800-8e39-8e2ace30d915",
      "id": "CVE-2024-50379",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2024-50379 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-jsp-api."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@9.0.90-tuxcare.8"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:ac09eac5-1260-58dd-9eeb-133dd206634c",
      "id": "CVE-2024-52316",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2024-52316 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-jsp-api."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@9.0.90-tuxcare.8"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:0367ed1d-85c8-5101-a119-b8b8d72500ea",
      "id": "CVE-2024-54677",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2024-54677 affects version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-jsp-api."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@9.0.90-tuxcare.8"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:2da1a6f6-a979-57d1-90b8-646f20cf99b5",
      "id": "CVE-2024-56337",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2024-56337 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-jsp-api."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@9.0.90-tuxcare.8"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:cac96c69-a055-5b32-9146-d402603bb883",
      "id": "CVE-2025-24813",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2025-24813 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-jsp-api."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@9.0.90-tuxcare.8"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:431cc688-8458-5a0f-8aa3-297633aa427a",
      "id": "CVE-2025-31650",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2025-31650 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-jsp-api."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@9.0.90-tuxcare.8"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:55aa6821-adea-5b16-a698-0906643e8152",
      "id": "CVE-2025-31651",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2025-31651 affects version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-jsp-api."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@9.0.90-tuxcare.8"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:8e51bc9e-0c14-526f-a2a5-d72afeb01643",
      "id": "CVE-2025-46701",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2025-46701 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-jsp-api."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@9.0.90-tuxcare.8"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:8f803d9a-ccb1-57c4-9b75-f9d94cba33c0",
      "id": "CVE-2025-48988",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2025-48988 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-jsp-api."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@9.0.90-tuxcare.8"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:be9f8075-9207-55e7-b9c3-4eb9f4215225",
      "id": "CVE-2025-48989",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2025-48989 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-jsp-api."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@9.0.90-tuxcare.8"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:28de4c78-36c1-531c-ae2a-04b37390397c",
      "id": "CVE-2025-49124",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2025-49124 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-jsp-api."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@9.0.90-tuxcare.8"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:fe64d912-35f1-5c4b-9115-caaa9e6e61a9",
      "id": "CVE-2025-49125",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2025-49125 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-jsp-api."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@9.0.90-tuxcare.8"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:c8c1c111-e701-518b-9139-bc253fe2907a",
      "id": "CVE-2025-52434",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2025-52434 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-jsp-api."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@9.0.90-tuxcare.8"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:aee3efa3-75f5-5ab5-8e18-59724bc890d3",
      "id": "CVE-2025-52520",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2025-52520 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-jsp-api."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@9.0.90-tuxcare.8"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:b9198e95-a1a3-518e-958f-f5fa9fb7f14f",
      "id": "CVE-2025-53506",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2025-53506 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-jsp-api."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@9.0.90-tuxcare.8"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:36a9db07-58ce-52e2-b46e-2c3aa3b5a5fa",
      "id": "CVE-2025-55668",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2025-55668 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-jsp-api."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@9.0.90-tuxcare.8"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:4a8d6aae-8fd1-5c4f-af63-315e6a816228",
      "id": "CVE-2025-55752",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2025-55752 affects version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-jsp-api."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@9.0.90-tuxcare.8"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:1b5dc857-ecda-5e3f-b634-5dcce4b5ebc8",
      "id": "CVE-2025-55754",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2025-55754 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-jsp-api."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@9.0.90-tuxcare.8"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:f1bdf62b-804a-5c3f-a49b-ee17bf8b0b93",
      "id": "CVE-2025-61795",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2025-61795 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-jsp-api."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@9.0.90-tuxcare.8"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:e56a50e7-f931-5eb6-aef1-1e1ad06d23f8",
      "id": "CVE-2025-66614",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2025-66614 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-jsp-api."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@9.0.90-tuxcare.8"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:e8c8c550-5a90-54e6-b850-c3900718f176",
      "id": "CVE-2026-24733",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2026-24733 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-jsp-api."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@9.0.90-tuxcare.8"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:0a6e8c07-34d0-5b8c-8a13-7782b6fe7e32",
      "id": "CVE-2026-24734",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-24734 affects version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-jsp-api."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@9.0.90-tuxcare.8"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:1abf2f64-7ea6-5f82-b1c2-42072e173bd5",
      "id": "CVE-2026-24880",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2026-24880 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-jsp-api."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@9.0.90-tuxcare.8"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:968571e9-88f4-5a99-b716-f34810a76d0e",
      "id": "CVE-2026-25854",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2026-25854 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-jsp-api."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@9.0.90-tuxcare.8"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:ada0db68-720c-56c8-bce9-4a943a0e9352",
      "id": "CVE-2026-29145",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-29145 affects version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-jsp-api."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@9.0.90-tuxcare.8"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:dfbb0870-2b94-5ec5-84bf-9c543c8aaebc",
      "id": "CVE-2026-29146",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2026-29146 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-jsp-api."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@9.0.90-tuxcare.8"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:25b618de-c060-5a29-ad83-4379bdfa50a4",
      "id": "CVE-2026-32990",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-32990 affects version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-jsp-api."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@9.0.90-tuxcare.8"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:8469c97e-411a-5881-8989-2640a4946ca9",
      "id": "CVE-2026-34483",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2026-34483 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-jsp-api."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@9.0.90-tuxcare.8"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:567c6af2-b831-57cc-b6cd-f5a4df5ee7eb",
      "id": "CVE-2026-34486",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-34486 affects version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-jsp-api."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@9.0.90-tuxcare.8"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:f2d87125-d090-55a3-b694-9dbaf4936dfe",
      "id": "CVE-2026-34487",
      "analysis": {
        "state": "resolved",
        "detail": "Vulnerability CVE-2026-34487 is fixed in version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-jsp-api."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@9.0.90-tuxcare.8"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:12286e41-d3aa-5e5d-b947-988f2b52f859",
      "id": "CVE-2026-41284",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-41284 affects version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-jsp-api."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@9.0.90-tuxcare.8"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:6cf39f8a-5986-56e6-8b59-9ef78f06bccd",
      "id": "CVE-2026-41293",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-41293 affects version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-jsp-api."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@9.0.90-tuxcare.8"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:83dd32bb-0fab-5b7e-aeb0-63abffdea900",
      "id": "CVE-2026-42498",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-42498 affects version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-jsp-api."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@9.0.90-tuxcare.8"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:710b9226-e87d-5b86-8a5d-e8c895b8b282",
      "id": "CVE-2026-43512",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-43512 affects version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-jsp-api."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@9.0.90-tuxcare.8"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:b31f200f-abd6-5717-91bd-ee8af6c72129",
      "id": "CVE-2026-43513",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-43513 affects version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-jsp-api."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@9.0.90-tuxcare.8"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:8ad5eeff-48e3-5106-aa54-5bb0e2607741",
      "id": "CVE-2026-43514",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-43514 affects version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-jsp-api."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@9.0.90-tuxcare.8"
        }
      ]
    },
    {
      "bom-ref": "urn:uuid:188576be-b847-52b3-9caf-b0da139da1ed",
      "id": "CVE-2026-43515",
      "analysis": {
        "state": "exploitable",
        "detail": "Vulnerability CVE-2026-43515 affects version 9.0.90-tuxcare.8 of org.apache.tomcat:tomcat-jsp-api."
      },
      "affects": [
        {
          "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@9.0.90-tuxcare.8"
        }
      ]
    }
  ],
  "dependencies": [
    {
      "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@9.0.90-tuxcare.8"
    }
  ]
}