Maven · repo1.maven.org
com.zezeno:zeze-java
Java Dynamic Classload: URLClassLoader / defineClass — runs attacker-provided bytecode.
Why PkgRadar flagged 1.6.3
| Severity | Signal | Evidence |
|---|---|---|
| medium | Java Dynamic Classload | URLClassLoader / defineClass — runs attacker-provided bytecode. · Zeze/Hot/HotManager.java |
| medium | Java Dynamic Classload | URLClassLoader / defineClass — runs attacker-provided bytecode. · Zeze/Hot/HotModule.java |
| medium | Java Unsafe Deserialize | ObjectInputStream / XStream.fromXML — untrusted deserialization sink. · Zeze/Serialize/IByteBuffer.java |
| medium | Java Dynamic Classload | URLClassLoader / defineClass — runs attacker-provided bytecode. · Zeze/Services/RunClassServer.java |
| medium | Java Dynamic Classload | URLClassLoader / defineClass — runs attacker-provided bytecode. · Zeze/Util/InMemoryJavaCompiler.java |
| medium | Java Process Spawn | Runtime.exec / ProcessBuilder — process spawning. · Zeze/Services/Daemon.java |
| medium | Java Process Spawn | Runtime.exec / ProcessBuilder — process spawning. · Zeze/Services/ServiceManager/ExporterNginxConfig.java |
| medium | Java Process Spawn | Runtime.exec / ProcessBuilder — process spawning. · Zeze/Services/ZokerImpl/ServiceManager.java |
| medium | Java Process Spawn | Runtime.exec / ProcessBuilder — process spawning. · Zeze/Util/ClassReloader.java |
| medium | Remote Payload | matched "wGet " · Zeze/Dbh2/Dbh2StateMachine.java |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
1.6.3 | Review | 132 | 2026-06-11 |
Block this in CI
pkgradar gate --ecosystem maven com.zezeno:[email protected]