It looks like com.refinitiv.ema:ema:3.6.6.0
uses org.apache.commons:commons-configuration2:2.7
which suffers from CVE-2022-33980. I believe the fix is easy, just upgrade to 2.8.0
Hello @daniel.lipofsky
Thank you for the information, I have submitted the GitHub issue-201 on your behalf on the Real-Time SDK GitHub repository.
If you have more information, please feel free to contact the RTSDK team directly via the issue-201.