Maven · repo1.maven.org

com.github.binarywang:weixin-java-pay

Java Base64 Combo: Base64.decode combined with network / process / defineClass — classic obfuscated payload.

Why PkgRadar flagged 4.8.4-20260612.150047

Severity	Signal	Evidence
high	Java Base64 Combo	Base64.decode combined with network / process / defineClass — classic obfuscated payload. · com/github/binarywang/wxpay/config/WxPayConfig.java

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`4.8.4-20260612.150047`	Review	9	2026-06-12

Block this in CI

PkgRadar gates com.github.binarywang:weixin-java-pay (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem maven com.github.binarywang:[email protected]