Maven · repo1.maven.org
com.sagframe:sagacity-sqltoy
Java Unsafe Deserialize: ObjectInputStream / XStream.fromXML — untrusted deserialization sink.
Why PkgRadar flagged 5.6.80.jre8
| Severity | Signal | Evidence |
|---|---|---|
| medium | Java Unsafe Deserialize | ObjectInputStream / XStream.fromXML — untrusted deserialization sink. · org/sagacity/sqltoy/utils/IOUtil.java |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
5.6.80.jre8 | Review | 20 | 2026-06-11 |
5.6.79.jre8 | Review | 10 | 2026-06-11 |
5.6.79 | Review | 10 | 2026-06-11 |
5.6.79.RC5 | Review | 10 | 2026-06-11 |
5.6.79.RC4 | Review | 10 | 2026-06-11 |
5.6.79.RC3 | Review | 10 | 2026-06-11 |
5.6.79.RC2 | Review | 20 | 2026-06-10 |
Block this in CI
pkgradar gate --ecosystem maven com.sagframe:[email protected]