{
  "_class" : "io.jenkins.plugins.analysis.core.restapi.ReportApi",
  "issues" : [
    {
      "addedAt" : 0,
      "authorEmail" : "-",
      "authorName" : "-",
      "baseName" : "tomcat-coyote.jar",
      "category" : "",
      "columnEnd" : 0,
      "columnStart" : 0,
      "commit" : "-",
      "description" : "",
      "fileName" : "/usr/local/tomcat/lib/tomcat-coyote.jar",
      "fingerprint" : "FALLBACK-1c10cee4",
      "lineEnd" : 1,
      "lineStart" : 1,
      "message" : "CVE-2025-48989: LanguageSpecificPackageVulnerability\u000a\u000aImproper Resource Shutdown or Release vulnerability in Apache Tomcat m ...\u000a\u000aFor additional help see: **Vulnerability CVE-2025-48989**\u000a| Severity | Package | Fixed Version | Link |\u000a| --- | --- | --- | --- |\u000a|HIGH|org.apache.tomcat:tomcat-coyote|11.0.10, 10.1.44, 9.0.108|[CVE-2025-48989](https://avd.aquasec.com/nvd/cve-2025-48989)|\u000a\u000aImproper Resource Shutdown or Release vulnerability in Apache Tomcat made Tomcat vulnerable to the made you reset attack.\u000a\u000aThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.9, from 10.1.0-M1 through 10.1.43 and from 9.0.0.M1 through 9.0.107. Older, EOL versions may also be affected.\u000a\u000aUsers are recommended to upgrade to one of versions 11.0.10, 10.1.44 or 9.0.108 which fix the issue.\u000a\u000aPackage: org.apache.tomcat:tomcat-coyote\u000aInstalled Version: 11.0.9\u000aVulnerability CVE-2025-48989\u000aSeverity: HIGH\u000aFixed Version: 11.0.10, 10.1.44, 9.0.108\u000aLink: [CVE-2025-48989](https://avd.aquasec.com/nvd/cve-2025-48989)",
      "moduleName" : "",
      "origin" : "trivy",
      "originName" : "Trivy Security Scanner",
      "packageName" : "-",
      "reference" : "1314",
      "severity" : "HIGH",
      "toString" : "tomcat-coyote.jar(1,0): CVE-2025-48989: : CVE-2025-48989: LanguageSpecificPackageVulnerability\u000a\u000aImproper Resource Shutdown or Release vulnerability in Apache Tomcat m ...\u000a\u000aFor additional help see: **Vulnerability CVE-2025-48989**\u000a| Severity | Package | Fixed Version | Link |\u000a| --- | --- | --- | --- |\u000a|HIGH|org.apache.tomcat:tomcat-coyote|11.0.10, 10.1.44, 9.0.108|[CVE-2025-48989](https://avd.aquasec.com/nvd/cve-2025-48989)|\u000a\u000aImproper Resource Shutdown or Release vulnerability in Apache Tomcat made Tomcat vulnerable to the made you reset attack.\u000a\u000aThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.9, from 10.1.0-M1 through 10.1.43 and from 9.0.0.M1 through 9.0.107. Older, EOL versions may also be affected.\u000a\u000aUsers are recommended to upgrade to one of versions 11.0.10, 10.1.44 or 9.0.108 which fix the issue.\u000a\u000aPackage: org.apache.tomcat:tomcat-coyote\u000aInstalled Version: 11.0.9\u000aVulnerability CVE-2025-48989\u000aSeverity: HIGH\u000aFixed Version: 11.0.10, 10.1.44, 9.0.108\u000aLink: [CVE-2025-48989](https://avd.aquasec.com/nvd/cve-2025-48989)",
      "type" : "CVE-2025-48989"
    }
  ],
  "size" : 1,
  "toString" : "1 warning (high: 1)"
}