My compositional analysis tool reports that ECF 3.14.21.v20210410-0052 is vulnerable to several CVEs via plugins/org.eclipse.ecf.protocol.bittorrent_0.3.201.v20210320-0245.jar. Here are the CVEs identified:

https://nvd.nist.gov/vuln/detail/CVE-2008-4434
https://nvd.nist.gov/vuln/detail/CVE-2008-7166
https://nvd.nist.gov/vuln/detail/CVE-2008-0364
https://nvd.nist.gov/vuln/detail/CVE-2008-0071

I believe these apply to bittorrent binaries which are not included with ECF, so this finding is a false positive, but due to my lack of familiarity with ECF I am not confident in my assessment, so it would be great for someone on the team to review and verify.