11 matches found
CVE-2026-24656
Deserialization of Untrusted Data vulnerability in Apache Karaf Decanter. The Decanter log socket collector exposes the port 4560, without authentication. If the collector exposes allowed classes property, this configuration can be bypassed. It means that the log socket collector is vulnerable to...
Apache Karaf Decanter has Deserialization of Untrusted Data in its Log Socket Collector
Deserialization of Untrusted Data vulnerability in Apache Karaf Decanter. The Decanter Log Socket Collector exposes port 4560 without authentication. If the collector exposes allowed classes property, this configuration can be bypassed. The Log Socket Collector is vulnerable to deserialization of...
GHSA-JMW5-58C7-587H Apache Karaf Decanter has Deserialization of Untrusted Data in its Log Socket Collector
Deserialization of Untrusted Data vulnerability in Apache Karaf Decanter. The Decanter Log Socket Collector exposes port 4560 without authentication. If the collector exposes allowed classes property, this configuration can be bypassed. The Log Socket Collector is vulnerable to deserialization of...
Deserialization of Untrusted Data
Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the log-socket collector process. An attacker can execute arbitrary code or cause a denial of service by sending specially crafted serialized objects to the exposed port 4560 when the allowed classe...
CVE-2026-24656
Deserialization of Untrusted Data vulnerability in Apache Karaf Decanter. The Decanter log socket collector exposes the port 4560, without authentication. If the collector exposes allowed classes property, this configuration can be bypassed. It means that the log socket collector is vulnerable to...
CVE-2026-24656
Deserialization of Untrusted Data vulnerability in Apache Karaf Decanter. The Decanter log socket collector exposes the port 4560, without authentication. If the collector exposes allowed classes property, this configuration can be bypassed. It means that the log socket collector is vulnerable to...
CVE-2026-24656
Concretely, CVE-2026-24656 affects Apache Karaf Decanter before 2.12.0, specifically the Decanter log socket collector that exposes port 4560 without authentication. If the collector exposes the allowed-classes property, this configuration can be bypassed, allowing deserialization of untrusted da...
CVE-2026-24656
Deserialization of Untrusted Data vulnerability in Apache Karaf Decanter. The Decanter log socket collector exposes the port 4560, without authentication. If the collector exposes allowed classes property, this configuration can be bypassed. It means that the log socket collector is vulnerable to...
EUVD-2026-4680
Deserialization of Untrusted Data vulnerability in Apache Karaf Decanter. The Decanter log socket collector exposes the port 4560, without authentication. If the collector exposes allowed classes property, this configuration can be bypassed. It means that the log socket collector is vulnerable to...
CVE-2026-24656 Apache Karaf: Decanter log-socket collector has deserialization vulnerability
Deserialization of Untrusted Data vulnerability in Apache Karaf Decanter. The Decanter log socket collector exposes the port 4560, without authentication. If the collector exposes allowed classes property, this configuration can be bypassed. It means that the log socket collector is vulnerable to...
Apache Karaf Decanter security vulnerability
Apache Karaf Decanter is a monitoring and alerting module of the Apache Foundation. Versions of Apache Karaf Decanter prior to 2.12.0 contained a security vulnerability, which stemmed from the log socket collectorโs inability to deserialize trusted data, potentially leading to denial-of-service...