PkgRadar

Maven · repo1.maven.org

org.wso2.org.apache.commons:commons-vfs2

Reverse Shell, Java Dynamic Classload, Credential file access

Why PkgRadar flagged 2.10.0-wso2v8

SeveritySignalEvidence
highReverse Shellorg/wso2/org/apache/commons/vfs2/provider/sftp/SftpStreamProxy.java
mediumJava Dynamic Classloadorg/wso2/org/apache/commons/vfs2/impl/VFSClassLoader.java

Showing signal labels only. Sign in to view the exact matched indicators for each finding.

Scanned versions

VersionVerdictScoreScanned (UTC)
2.10.0-wso2v8High risk322026-06-26

Block this in CI

PkgRadar gates org.wso2.org.apache.commons:commons-vfs2 (and every other dependency) before it merges. One line in your pipeline:

pkgradar gate --ecosystem maven org.wso2.org.apache.commons:[email protected]
Start free — 25 scans / moView full evidence