Maven · repo1.maven.org
com.actelion.research:openchemlib
Java Unsafe Deserialize: ObjectInputStream / XStream.fromXML — untrusted deserialization sink.
Why PkgRadar flagged 2026.6.1
| Severity | Signal | Evidence |
|---|---|---|
| medium | Java Unsafe Deserialize | ObjectInputStream / XStream.fromXML — untrusted deserialization sink. · com/actelion/research/gui/clipboard/ClipboardHandler.java |
| medium | Java Unsafe Deserialize | ObjectInputStream / XStream.fromXML — untrusted deserialization sink. · com/actelion/research/calc/Matrix.java |
| medium | Java Unsafe Deserialize | ObjectInputStream / XStream.fromXML — untrusted deserialization sink. · com/actelion/research/util/IOCL.java |
| medium | Java Unsafe Deserialize | ObjectInputStream / XStream.fromXML — untrusted deserialization sink. · com/actelion/research/util/Base64.java |
| medium | Java Unsafe Deserialize | ObjectInputStream / XStream.fromXML — untrusted deserialization sink. · com/actelion/research/chem/Molecule3DFunctions.java |
| medium | Java Unsafe Deserialize | ObjectInputStream / XStream.fromXML — untrusted deserialization sink. · org/openmolecules/chem/interaction/rf/RFKnowledgeBase.java |
| medium | Java Process Spawn | Runtime.exec / ProcessBuilder — process spawning. · com/actelion/research/util/Platform.java |
| medium | Java Process Spawn | Runtime.exec / ProcessBuilder — process spawning. · com/actelion/research/util/BrowserControl.java |
| medium | Java Process Spawn | Runtime.exec / ProcessBuilder — process spawning. · com/actelion/research/gui/hidpi/HiDPIHelper.java |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
| 2026.6.1 | Review | 28 | 2026-06-13 |
Block this in CI
pkgradar gate --ecosystem maven com.actelion.research:openchemlib@2026.6.1