It looks like com.refinitiv.ema:ema:188.8.131.52 uses org.apache.commons:commons-configuration2:2.7 which suffers from CVE-2022-33980. I believe the fix is easy, just upgrade to 2.8.0
Attachments: Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.
Thank you for the information, I have submitted the GitHub issue-201 on your behalf on the Real-Time SDK GitHub repository.
If you have more information, please feel free to contact the RTSDK team directly via the issue-201.