Maven · repo1.maven.org

com.metaeffekt.artifact.analysis:ae-artifact-analysis

Java Process Spawn: Runtime.exec / ProcessBuilder — process spawning.

Why PkgRadar flagged 0.159.0

Severity	Signal	Evidence
medium	Java Process Spawn	Runtime.exec / ProcessBuilder — process spawning. · com/metaeffekt/artifact/analysis/utils/GitAccess.java
medium	Remote Payload	matched "curl " · com/metaeffekt/artifact/analysis/utils/InventoryUtils.java
medium	Remote Payload	matched "cUrl " · com/metaeffekt/mirror/download/other/CapecDownload.java
medium	Remote Payload	matched "raw.githubusercontent.com" · com/metaeffekt/mirror/download/other/MitreAtlasDownload.java
medium	Remote Payload	matched "raw.githubusercontent.com" · com/metaeffekt/mirror/download/other/MitreAttackDownload.java

Scanned versions

Version	Verdict	Score	Scanned (UTC)
`0.159.0`	Review	18	2026-06-14

Block this in CI

PkgRadar gates com.metaeffekt.artifact.analysis:ae-artifact-analysis (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem maven com.metaeffekt.artifact.analysis:[email protected]