Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2024-22262

Good to know:

icon
icon

Date: April 16, 2024

Applications that use UriComponentsBuilder to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to a open redirect https://cwe.mitre.org/data/definitions/601.html  attack or to a SSRF attack if the URL is used after passing validation checks. This is the same as CVE-2024-22259 https://spring.io/security/cve-2024-22259  and CVE-2024-22243 https://spring.io/security/cve-2024-22243 , but with different input.

Language: Java

Severity Score

Related Resources (7)

https://nvd.nist.gov/vuln/detail/CVE-2024-22262
https://security.netapp.com/advisory/ntap-20240524-0003/
https://github.com/spring-projects/spring-framework/blob/main/spring-web/src/main/java/org/springframework/web/util/UriComponentsBuilder.java
https://spring.io/security/cve-2024-22262
https://security.netapp.com/advisory/ntap-20240524-0003
https://github.com/spring-projects/spring-framework
https://www.mend.io/vulnerability-database/CVE-2024-22262

Severity Score

Weakness Type (CWE)

Server-Side Request Forgery (SSRF)

CWE-918

URL Redirection to Untrusted Site ('Open Redirect')

CWE-601

Top Fix

icon

Upgrade Version

Upgrade to version org.springframework:spring-web:5.3.34;6.0.19,6.1.6

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): REQUIRED
Scope (S): UNCHANGED
Confidentiality (C): HIGH
Integrity (I): HIGH
Availability (A): NONE

Do you need more information?

Contact Us