Maven · repo1.maven.org
org.redisson:redisson
Java Unsafe Deserialize: ObjectInputStream / XStream.fromXML — untrusted deserialization sink.
Why PkgRadar flagged 4.6.0
| Severity | Signal | Evidence |
|---|---|---|
| medium | Java Unsafe Deserialize | ObjectInputStream / XStream.fromXML — untrusted deserialization sink. · org/redisson/codec/SerializationCodec.java |
| medium | Java Dynamic Classload | URLClassLoader / defineClass — runs attacker-provided bytecode. · org/redisson/executor/RedissonClassLoader.java |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
4.6.0 | Review | 12 | 2026-06-15 |
Block this in CI
pkgradar gate --ecosystem maven org.redisson:[email protected]