VYPR

Maven package

org.apache.karaf.decanter.collector/org.apache.karaf.decanter.collector.log.socket

pkg:maven/org.apache.karaf.decanter.collector/org.apache.karaf.decanter.collector.log.socket

Vulnerabilities (1)

  • CVE-2026-24656Jan 26, 2026
    affected < 2.12.0fixed 2.12.0

    Deserialization of Untrusted Data vulnerability in Apache Karaf Decanter. The Decanter log socket collector exposes the port 4560, without authentication. If the collector exposes allowed classes property, this configuration can be bypassed. It means that the log socket collect