At the moment the project has multiple dependencies on org.ini4j in version 0.5.1. This library is vulnerable to CVE-2022-41404 with a CVSSv3 Base Score of HIGH (7.5).
An issue in the fetch() method in the BasicProfile class of org.ini4j before v0.5.4 allows attackers to cause a Denial of Service (DoS) via unspecified vectors.
See https://sourceforge.net/p/ini4j/bugs/56/
Please update this so INI upload is safe again.