I found you are using a dependency with CVE. I found the buggy methods of the CVE in the program execution path of your project. To prevent potential security risks it may cause, I suggest a version update. Here is the detailed information:
Some files in your project call the library method org.apache.uima.cas.impl.XmiCasDeserializer.deserialize(java.io.InputStream,org.apache.uima.cas.CAS), which can reach the buggy method of CVE-2017-15691.
Files in your project:
src/main/java/cz/brmlab/yodaqa/pipeline/AnswerHitlistDeserialize.java
Update suggestion: version 2.10.4
2.10.4 is a safe version without CVEs. From 2.6.0 to 2.10.4, 31 of the APIs (called by 115 times in your project) were modified.
I found you are using a dependency with CVE. I found the buggy methods of the CVE in the program execution path of your project. To prevent potential security risks it may cause, I suggest a version update. Here is the detailed information:
Vulnerable Dependency: org.apache.uima : uimaj-core : 2.6.0
Call Chain to Buggy Methods:
Some files in your project call the library method org.apache.uima.cas.impl.XmiCasDeserializer.deserialize(java.io.InputStream,org.apache.uima.cas.CAS), which can reach the buggy method of CVE-2017-15691.
Files in your project: src/main/java/cz/brmlab/yodaqa/pipeline/AnswerHitlistDeserialize.java
One of the possible call chain:
Update suggestion: version 2.10.4 2.10.4 is a safe version without CVEs. From 2.6.0 to 2.10.4, 31 of the APIs (called by 115 times in your project) were modified.