PkgRadar

Maven · repo1.maven.org

is.codion:codion-framework-servlet

Java Unsafe Deserialize: ObjectInputStream / XStream.fromXML — untrusted deserialization sink.

Why PkgRadar flagged 0.18.76

SeveritySignalEvidence
mediumJava Unsafe DeserializeObjectInputStream / XStream.fromXML — untrusted deserialization sink. · is/codion/framework/servlet/EntityService.java

Scanned versions

VersionVerdictScoreScanned (UTC)
0.18.76Review102026-06-16

Block this in CI

PkgRadar gates is.codion:codion-framework-servlet (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem maven is.codion:[email protected]
Start free — 25 scans / moView full evidence