{
  "_class" : "io.jenkins.plugins.analysis.core.restapi.ReportApi",
  "issues" : [
    {
      "addedAt" : 0,
      "authorEmail" : "-",
      "authorName" : "-",
      "baseName" : "jasperreports-6.20.0.jar",
      "category" : "",
      "columnEnd" : 0,
      "columnStart" : 0,
      "commit" : "-",
      "description" : "",
      "fileName" : "/usr/local/tomcat/webapps/govwayMonitor.war/WEB-INF/lib/jasperreports-6.20.0.jar",
      "fingerprint" : "FALLBACK-b0f36103",
      "lineEnd" : 1,
      "lineStart" : 1,
      "message" : "CVE-2025-10492: LanguageSpecificPackageVulnerability\u000a\u000aJasperReports has a Java deserialisation vulnerability\u000a\u000aFor additional help see: **Vulnerability CVE-2025-10492**\u000a| Severity | Package | Fixed Version | Link |\u000a| --- | --- | --- | --- |\u000a|HIGH|net.sf.jasperreports:jasperreports||[CVE-2025-10492](https://avd.aquasec.com/nvd/cve-2025-10492)|\u000a\u000aA Java deserialisation vulnerability has been discovered in Jaspersoft Library. Improper handling of externally supplied data may allow attackers to execute arbitrary code remotely on systems that use the affected library\u000a\u000aPackage: net.sf.jasperreports:jasperreports\u000aInstalled Version: 6.20.0\u000aVulnerability CVE-2025-10492\u000aSeverity: HIGH\u000aFixed Version: \u000aLink: [CVE-2025-10492](https://avd.aquasec.com/nvd/cve-2025-10492)",
      "moduleName" : "",
      "origin" : "trivy",
      "originName" : "Trivy Security Scanner",
      "packageName" : "-",
      "reference" : "1350",
      "severity" : "HIGH",
      "toString" : "jasperreports-6.20.0.jar(1,0): CVE-2025-10492: : CVE-2025-10492: LanguageSpecificPackageVulnerability\u000a\u000aJasperReports has a Java deserialisation vulnerability\u000a\u000aFor additional help see: **Vulnerability CVE-2025-10492**\u000a| Severity | Package | Fixed Version | Link |\u000a| --- | --- | --- | --- |\u000a|HIGH|net.sf.jasperreports:jasperreports||[CVE-2025-10492](https://avd.aquasec.com/nvd/cve-2025-10492)|\u000a\u000aA Java deserialisation vulnerability has been discovered in Jaspersoft Library. Improper handling of externally supplied data may allow attackers to execute arbitrary code remotely on systems that use the affected library\u000a\u000aPackage: net.sf.jasperreports:jasperreports\u000aInstalled Version: 6.20.0\u000aVulnerability CVE-2025-10492\u000aSeverity: HIGH\u000aFixed Version: \u000aLink: [CVE-2025-10492](https://avd.aquasec.com/nvd/cve-2025-10492)",
      "type" : "CVE-2025-10492"
    }
  ],
  "size" : 1,
  "toString" : "1 warning (high: 1)"
}