A dependency confusion vulnerability has been found within an archived Apache project. According to new data by Legit Security, who made the discovery, the finding underscores the importance of scrutinizing third-party projects and dependencies, particularly those archived and potentially neglected in terms of updates and security patches.

Source: Infosecurity