For iOS, in googlemlkit/textrecognition version 2.2.0, the MLKitTextRecognition framework file shows the older version of FlatBuffers as follows:
... Not enough Too much third_party/openssl/boringssl/src/crypto/x509/x509name.c name= FlatBuffers 1.11.0 hashtype murmur ...
So I upgraded googlemlkit/textrecognition to the latest version i.e. 3.2.0. Here I see the same FlatBuffers version but in MLKitTextRecognitionCommon framework file as follows:
... FlatBuffers 1.11.0 TfliteRegionProposalTextDetector ./ocr/photo/detection/tflite_region_proposal_text_detector.h ...
The question here is, does the quoted text assures that GoogleMLKit/TextRecognition is really using older version of FlatBuffers. If yes, then how this can be fixed and where can I raise this issue to get it fixed.
Adding some more context to this question. The vulnerability tool is detecting a risk in FlatBuffers v 1.11.0 (which is part of MLKit). The same risk is reported on CVE details on following link: https://www.cvedetails.com/version-list/0/77533/1/?q=Flatbuffers