How does Katalon tackle security issues on external components?

When checking Katalon for security issues we ran into two eclipse plugins that are vulnerable to attack.
One of these has been fixed by the latest Katalon release but the other plugin hasn’t been updated.
This is regarding com.google.guava_23.0.0.jar on which an DOS possibility has been discovered (CVE-2018-10237 : Unbounded memory allocation in Google Guava 11.0 through 24.x before 24.1.1 allows remote attackers to conduct denial of).
Also our test has not been extensive so there could be more issues.
How does Katalon tackle issues such as these?

Adding to the security concern, when using SonarQube to check the Katalon code we found 25 vulnerablities and 1200 possible vulnerabilities.
Again, how does Katalon tackle these kinds of possible security issues?