"All JDOM versions are available in the 'jdom' or 'jdom2' artifact in the org.jdom group on Maven. The maven artifacts are a mess with early JDOM 2.x versions appearing in the 'jdom' artifacts, and later 2.x versions in the 'jdom2' artifact. Maven does not allow the fixing of mistakes, so maven users wil just have to live with it as it is."
Yep, there is no 2.0.6 version of org.jdom:jdom. However there is 2.0.6 for org.jdom:jdom2, which we do not link to this CVE. Also GHSA lists org.jdom:jdom as the Maven artifact only.
CVE-2021-33813 mapped following purls:
The CVE description suggests 2.0.6 is also affected.
This may be caused by the naming issue of
jdom
as described in "Which Maven artefact should I use?".