PkgRadar

Maven · repo1.maven.org

cn.yusiwen:spring-webmvc

Java Dynamic Classload: URLClassLoader / defineClass — runs attacker-provided bytecode.

Why PkgRadar flagged 5.3.41-cve-patched

SeveritySignalEvidence
mediumJava Dynamic ClassloadURLClassLoader / defineClass — runs attacker-provided bytecode. · org/springframework/web/servlet/view/groovy/GroovyMarkupConfigurer.java

Scanned versions

VersionVerdictScoreScanned (UTC)
5.3.41-cve-patchedReview202026-06-12

Block this in CI

PkgRadar gates cn.yusiwen:spring-webmvc (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem maven cn.yusiwen:[email protected]
Start free — 25 scans / moView full evidence