There is a security vulnerability with commons-collections.jar 3.2.1; this code base seems to require it.unimi.dsi:dsiutils:jar:2.0.12 which in turn uses commons-collections:commons-collections:jar:3.2.1 which is vulnerable:
[INFO] --- maven-dependency-plugin:2.8:tree (default-cli) @ openwayback-cdx-server ---
[INFO] org.netpreserve.openwayback:openwayback-cdx-server:war:2.0.0
[INFO] +- org.netpreserve.commons:webarchive-commons:jar:1.1.4:compile
<snip>
[INFO] | | +- commons-collections:commons-collections:jar:3.2.1:compile
There is a security vulnerability with commons-collections.jar 3.2.1; this code base seems to require
it.unimi.dsi:dsiutils:jar:2.0.12which in turn usescommons-collections:commons-collections:jar:3.2.1which is vulnerable: