Maven · repo1.maven.org
com.sqlapp:sqlapp-core
Java Unsafe Deserialize: ObjectInputStream / XStream.fromXML — untrusted deserialization sink.
Why PkgRadar flagged 0.56.0
| Severity | Signal | Evidence |
|---|---|---|
| medium | Java Unsafe Deserialize | ObjectInputStream / XStream.fromXML — untrusted deserialization sink. · com/sqlapp/util/BinaryUtils.java |
| medium | Java Dynamic Classload | URLClassLoader / defineClass — runs attacker-provided bytecode. · com/sqlapp/util/ClassLoaderUtils.java |
| medium | Java Unsafe Deserialize | ObjectInputStream / XStream.fromXML — untrusted deserialization sink. · com/sqlapp/util/CommonUtils.java |
| medium | Java Unsafe Deserialize | ObjectInputStream / XStream.fromXML — untrusted deserialization sink. · com/sqlapp/util/FileUtils.java |
| medium | Java Process Spawn | Runtime.exec / ProcessBuilder — process spawning. · com/sqlapp/util/RuntimeExec.java |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
0.56.0 | Review | 42 | 2026-06-16 |
Block this in CI
pkgradar gate --ecosystem maven com.sqlapp:[email protected]