PkgRadar

Maven · repo1.maven.org

com.argusoft:medplat_core

Java Unsafe Deserialize: ObjectInputStream / XStream.fromXML — untrusted deserialization sink.

Why PkgRadar flagged 0.0.13

| Severity | Signal | Evidence |
| --- | --- | --- |
| medium | Java Unsafe Deserialize | ObjectInputStream / XStream.fromXML — untrusted deserialization sink. · com/argusoft/medplat_core/common/service/impl/UserServiceImpl.java |
| medium | Java Base64 Combo | Base64.decode combined with network / process — common in API clients, but worth review. · com/argusoft/medplat_core/documentstoremongo/service/impl/DocumentStoreMongoServiceImpl.java |
| medium | Java Process Spawn | Runtime.exec / ProcessBuilder — process spawning. · com/argusoft/medplat_core/common/util/DatabaseRestoreUtil.java |

Scanned versions

| Version | Verdict | Score | Scanned (UTC) |
| --- | --- | --- | --- |
| 0.0.13 | Review | 60 | 2026-06-15 |

Block this in CI

PkgRadar gates com.argusoft:medplat_core (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem maven com.argusoft:medplat_core@0.0.13