Hi,
There is one security vulnerability present in common-codec 1.10 jar of readonlyrest-1.26.1_es7.10.0.zip.
The Apache Commons contains a flaw that is due to the Base32 codec decoding invalid strings instead of rejecting them. This may allow a remote attacker to tunnel additional information via a base 32 string that seems valid.
Please look into this.