Maven · repo1.maven.org
io.github.pquiring:javaforce
Java Unsafe Deserialize: ObjectInputStream / XStream.fromXML — untrusted deserialization sink.
Why PkgRadar flagged 111.0
| Severity | Signal | Evidence |
|---|---|---|
| medium | Java Unsafe Deserialize | ObjectInputStream / XStream.fromXML — untrusted deserialization sink. · javaforce/media/Music.java |
| medium | Java Unsafe Deserialize | ObjectInputStream / XStream.fromXML — untrusted deserialization sink. · javaforce/Compression.java |
| medium | Java Unsafe Deserialize | ObjectInputStream / XStream.fromXML — untrusted deserialization sink. · javaforce/JF.java |
| medium | Java Dynamic Classload | URLClassLoader / defineClass — runs attacker-provided bytecode. · javaforce/JFClassLoader.java |
| medium | Java Process Spawn | Runtime.exec / ProcessBuilder — process spawning. · javaforce/JF.java |
| medium | Java Process Spawn | Runtime.exec / ProcessBuilder — process spawning. · javaforce/KeyMgmt.java |
| medium | Java Process Spawn | Runtime.exec / ProcessBuilder — process spawning. · javaforce/ShellProcess.java |
| medium | Java Process Spawn | Runtime.exec / ProcessBuilder — process spawning. · javaforce/awt/VNCServer.java |
| medium | Java Process Spawn | Runtime.exec / ProcessBuilder — process spawning. · javaforce/jni/lnx/LnxPty.java |
| medium | Java Process Spawn | Runtime.exec / ProcessBuilder — process spawning. · javaforce/linux/Linux.java |
| medium | Java Process Spawn | Runtime.exec / ProcessBuilder — process spawning. · javaforce/service/ProxyServer.java |
| medium | Java Process Spawn | Runtime.exec / ProcessBuilder — process spawning. · javaforce/utils/Package.java |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
111.0 | Review | 60 | 2026-06-10 |
Block this in CI
pkgradar gate --ecosystem maven io.github.pquiring:[email protected]