Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2024-22259

Опубликовано: 16 мар. 2024
Источник: redhat
CVSS3: 8.1
EPSS Средний

Описание

Applications that use UriComponentsBuilder in Spring Framework to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to a open redirect https://cwe.mitre.org/data/definitions/601.html  attack or to a SSRF attack if the URL is used after passing validation checks. This is the same as CVE-2024-22243 https://spring.io/security/cve-2024-22243 , but with different input.

A vulnerability was found in Spring Framework. Affected versions of this package are vulnerable to an Open Redirect when using UriComponentsBuilder to parse an externally provided URL and perform validation checks on the host of the parsed URL.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
A-MQ Clients 2springframeworkNot affected
Red Hat build of Apache Camel for Spring Boot 3springframeworkNot affected
Red Hat build of Apache Camel for Spring Boot 4springframeworkAffected
Red Hat build of Apache Camel - HawtIO 4springframeworkNot affected
Red Hat Build of KeycloakspringframeworkNot affected
Red Hat build of OptaPlanner 8springframeworkFix deferred
Red Hat Data Grid 8springframeworkNot affected
Red Hat Fuse 7springframeworkAffected
Red Hat Integration Camel K 1springframeworkNot affected
Red Hat JBoss Data Grid 7springframeworkNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important
Дефект:
CWE-601
https://bugzilla.redhat.com/show_bug.cgi?id=2269846springframework: URL Parsing with Host Validation

EPSS

Процентиль: 96%
0.24873
Средний

8.1 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2024-22259

CVSS3: 8.1
ubuntu
больше 1 года назад

Applications that use UriComponentsBuilder in Spring Framework to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to a open redirect https://cwe.mitre.org/data/definitions/601.html attack or to a SSRF attack if the URL is used after passing validation checks. This is the same as CVE-2024-22243 https://spring.io/security/cve-2024-22243 , but with different input.

nvd логотип

CVE-2024-22259

CVSS3: 8.1
nvd
больше 1 года назад

Applications that use UriComponentsBuilder in Spring Framework to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to a open redirect https://cwe.mitre.org/data/definitions/601.html  attack or to a SSRF attack if the URL is used after passing validation checks. This is the same as CVE-2024-22243 https://spring.io/security/cve-2024-22243 , but with different input.

debian логотип

CVE-2024-22259

CVSS3: 8.1
debian
больше 1 года назад

Applications that use UriComponentsBuilder in Spring Frameworkto parse ...

github логотип

GHSA-hgjh-9rj2-g67j

CVSS3: 8.1
github
больше 1 года назад

Spring Framework URL Parsing with Host Validation Vulnerability

fstec логотип

BDU:2024-02091

CVSS3: 8.1
fstec
больше 1 года назад

Уязвимость компонента анализа URL-адресов UriComponentsBuilder программной платформы Spring Framework, позволяющая нарушителю осуществить SSRF-атаку

EPSS

Процентиль: 96%
0.24873
Средний

8.1 High

CVSS3