Headline

GHSA-ccgv-vj62-xf9h: Spring Web vulnerable to Open Redirect or Server Side Request Forgery

Applications that use UriComponentsBuilder to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to a open redirect attack or to a SSRF attack if the URL is used after passing validation checks.

9 months ago

ghsa

Open in Source

#vulnerability #web #git #java #ssrf #maven

- Actions
  
  Automate any workflow
- Packages
  
  Host and manage packages
- Security
  
  Find and fix vulnerabilities
- Codespaces
  
  Instant dev environments
- Copilot
  
  Write better code with AI
- Code review
  
  Manage code changes
- Issues
  
  Plan and track work
- Discussions
  
  Collaborate outside of code

- GitHub Sponsors
  
  Fund open source developers

*   The ReadME Project
    
    GitHub community articles

Pricing

Provide feedback

Saved searches****Use saved searches to filter your results more quickly

GitHub Advisory Database
GitHub Reviewed
CVE-2024-22243

Spring Web vulnerable to Open Redirect or Server Side Request Forgery

High severity GitHub Reviewed Published Feb 23, 2024 to the GitHub Advisory Database • Updated Feb 23, 2024

Package

maven org.springframework:spring-web (Maven)

Affected versions

>= 6.1.0, < 6.1.4

>= 6.0.0, < 6.0.17

>= 5.3.0, < 5.3.32

Patched versions

6.1.4

6.0.17

5.3.32

Description

Published to the GitHub Advisory Database

Feb 23, 2024

Last updated

Feb 23, 2024

Related news

Red Hat Security Advisory 2024-3354-03

Red Hat Security Advisory 2024-3354-03 - Red Hat Fuse 7.13.0 release is now available. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Issues addressed include HTTP request smuggling, bypass, denial of service, deserialization, and traversal vulnerabilities.

6 months ago

Packet Storm

Open in Source

#vulnerability #red_hat #dos #apache #js #java #rce #auth