Maven · repo1.maven.org
co.elastic.apm:elastic-apm-agent-java8
Java Jndi Lookup: JNDI / Naming.lookup — remote class-loading primitive (Log4Shell family).
Why PkgRadar flagged 1.56.0
| Severity | Signal | Evidence |
|---|---|---|
| medium | Java Jndi Lookup | JNDI / Naming.lookup — remote class-loading primitive (Log4Shell family). · org/apache/logging/log4j/core/net/JndiManager.java |
| medium | Java Dynamic Classload | URLClassLoader / defineClass — runs attacker-provided bytecode. · META-INF/versions/9/net/bytebuddy/agent/builder/AgentBuilder.java |
| medium | Java Dynamic Classload | URLClassLoader / defineClass — runs attacker-provided bytecode. · META-INF/versions/9/net/bytebuddy/dynamic/ClassFileLocator.java |
| medium | Java Dynamic Classload | URLClassLoader / defineClass — runs attacker-provided bytecode. · META-INF/versions/9/net/bytebuddy/dynamic/loading/ByteArrayClassLoader.java |
| medium | Java Dynamic Classload | URLClassLoader / defineClass — runs attacker-provided bytecode. · META-INF/versions/9/net/bytebuddy/dynamic/loading/ClassInjector.java |
| medium | Java Dynamic Classload | URLClassLoader / defineClass — runs attacker-provided bytecode. · META-INF/versions/9/net/bytebuddy/dynamic/loading/InjectionClassLoader.java |
| medium | Java Dynamic Classload | URLClassLoader / defineClass — runs attacker-provided bytecode. · META-INF/versions/9/net/bytebuddy/dynamic/loading/MultipleParentClassLoader.java |
| medium | Java Dynamic Classload | URLClassLoader / defineClass — runs attacker-provided bytecode. · META-INF/versions/9/net/bytebuddy/utility/dispatcher/JavaDispatcher.java |
| medium | Java Dynamic Classload | URLClassLoader / defineClass — runs attacker-provided bytecode. · net/bytebuddy/agent/builder/AgentBuilder.java |
| medium | Java Dynamic Classload | URLClassLoader / defineClass — runs attacker-provided bytecode. · net/bytebuddy/dynamic/ClassFileLocator.java |
| medium | Java Dynamic Classload | URLClassLoader / defineClass — runs attacker-provided bytecode. · net/bytebuddy/dynamic/loading/ByteArrayClassLoader.java |
| medium | Java Dynamic Classload | URLClassLoader / defineClass — runs attacker-provided bytecode. · net/bytebuddy/dynamic/loading/ClassInjector.java |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
1.56.0 | Review | 95 | 2026-06-15 |
Block this in CI
pkgradar gate --ecosystem maven co.elastic.apm:[email protected]