Maven · repo1.maven.org
org.jboss.weld.servlet:weld-servlet-shaded
Java Dynamic Classload: URLClassLoader / defineClass — runs attacker-provided bytecode.
Why PkgRadar flagged 7.0.0.Beta2
| Severity | Signal | Evidence |
|---|---|---|
| medium | Java Dynamic Classload | URLClassLoader / defineClass — runs attacker-provided bytecode. · org/jboss/classfilewriter/DefaultClassFactory.java |
| medium | Java Dynamic Classload | URLClassLoader / defineClass — runs attacker-provided bytecode. · org/jboss/weld/bean/proxy/ProxyFactory.java |
| medium | Java Jndi Lookup | JNDI / Naming.lookup — remote class-loading primitive (Log4Shell family). · org/jboss/weld/environment/servlet/services/ServletResourceInjectionServices.java |
| medium | Java Jndi Lookup | JNDI / Naming.lookup — remote class-loading primitive (Log4Shell family). · org/jboss/weld/environment/servlet/BeanManagerResourceBindingListener.java |
| medium | Java Dynamic Classload | URLClassLoader / defineClass — runs attacker-provided bytecode. · org/jboss/weld/serialization/spi/ProxyServices.java |
| medium | Java Dynamic Classload | URLClassLoader / defineClass — runs attacker-provided bytecode. · org/jboss/classfilewriter/ClassFile.java |
| medium | Java Dynamic Classload | URLClassLoader / defineClass — runs attacker-provided bytecode. · org/jboss/classfilewriter/ClassFactory.java |
| medium | Java Dynamic Classload | URLClassLoader / defineClass — runs attacker-provided bytecode. · org/jboss/weld/bean/proxy/DummyClassFactoryImpl.java |
| medium | Java Dynamic Classload | URLClassLoader / defineClass — runs attacker-provided bytecode. · org/jboss/weld/bean/proxy/util/WeldDefaultProxyServices.java |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
7.0.0.Beta2 | Review | 100 | 2026-06-10 |
Block this in CI
pkgradar gate --ecosystem maven org.jboss.weld.servlet:[email protected]