PkgRadar

Maven · repo1.maven.org

org.wso2.carbon.identity.inbound.auth.sts:org.wso2.carbon.identity.sts.store

Java Unsafe Deserialize: ObjectInputStream / XStream.fromXML — untrusted deserialization sink.

Why PkgRadar flagged 5.14.2

SeveritySignalEvidence
mediumJava Unsafe DeserializeObjectInputStream / XStream.fromXML — untrusted deserialization sink. · org/wso2/carbon/identity/sts/store/dao/DBStsDAO.java

Scanned versions

VersionVerdictScoreScanned (UTC)
5.14.2Review102026-06-15

Block this in CI

PkgRadar gates org.wso2.carbon.identity.inbound.auth.sts:org.wso2.carbon.identity.sts.store (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem maven org.wso2.carbon.identity.inbound.auth.sts:[email protected]
Start free — 25 scans / moView full evidence