Maven · repo1.maven.org
net.hasor:cobble-all
Java Dynamic Classload: URLClassLoader / defineClass — runs attacker-provided bytecode.
Why PkgRadar flagged 5.0.0
| Severity | Signal | Evidence |
|---|---|---|
| medium | Java Dynamic Classload | URLClassLoader / defineClass — runs attacker-provided bytecode. · net/hasor/cobble/dynamic/Proxy.java |
| medium | Java Dynamic Classload | URLClassLoader / defineClass — runs attacker-provided bytecode. · net/hasor/cobble/loader/CobbleClassLoader.java |
| medium | Java Static Init Side Effect | Static-initializer block contains process/network/reflection — runs on first class load (contributory signal). · net/hasor/cobble/io/IOUtils.java |
| medium | Java Static Init Side Effect | Static-initializer block contains process/network/reflection — runs on first class load (contributory signal). · net/hasor/cobble/loader/jar/Handler.java |
| medium | Java Static Init Side Effect | Static-initializer block contains process/network/reflection — runs on first class load (contributory signal). · net/hasor/cobble/loader/jar/JarURLConnection.java |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
| 5.0.0 | Review | 53 | 2026-06-20 |
Block this in CI
pkgradar gate --ecosystem maven net.hasor:cobble-all@5.0.0