Maven · repo1.maven.org
com.620cloud.server:mineplex-api
Java Dynamic Classload: URLClassLoader / defineClass — runs attacker-provided bytecode.
Why PkgRadar flagged 1.21.11-R0.1-362
| Severity | Signal | Evidence |
|---|---|---|
| medium | Java Dynamic Classload | URLClassLoader / defineClass — runs attacker-provided bytecode. · org/bukkit/plugin/java/PluginClassLoader.java |
| medium | Java Dynamic Classload | URLClassLoader / defineClass — runs attacker-provided bytecode. · org/bukkit/plugin/java/LibraryLoader.java |
| medium | Java Unsafe Deserialize | ObjectInputStream / XStream.fromXML — untrusted deserialization sink. · org/bukkit/util/io/BukkitObjectInputStream.java |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
1.21.11-R0.1-362 | Review | 70 | 2026-06-14 |
1.21.11-R0.1-361 | Review | 70 | 2026-06-14 |
Block this in CI
pkgradar gate --ecosystem maven com.620cloud.server:[email protected]