ff4j 1.8.1 is vulnerable to Remote Code Execution (RCE). This issue has been patched in version 1.9.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-44262
https://github.com/ff4j/ff4j/issues/624
https://github.com/advisories/GHSA-65hj-9ppw-77xc