Maven · repo1.maven.org
tech.ydb.jdbc:ydb-jdbc-driver-shaded
Java Dynamic Classload: URLClassLoader / defineClass — runs attacker-provided bytecode.
Why PkgRadar flagged 2.3.26
| Severity | Signal | Evidence |
|---|---|---|
| medium | Java Dynamic Classload | URLClassLoader / defineClass — runs attacker-provided bytecode. · tech/ydb/shaded/google/common/base/FinalizableReferenceQueue.java |
| high | Java Static Init Side Effect | Static-initializer block contains process/network/reflection — runs on first class load. · tech/ydb/shaded/google/common/base/FinalizableReferenceQueue.java |
| medium | Remote Payload | matched "cURL " · tech/ydb/jdbc/settings/YdbConfig.java |
Scanned versions
| Version | Verdict | Score | Scanned (UTC) |
|---|---|---|---|
2.3.26 | High risk | 71 | 2026-06-11 |
Block this in CI
pkgradar gate --ecosystem maven tech.ydb.jdbc:[email protected]