CVE-2024-22259
Applications that use UriComponentsBuilder in Spring Framework to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to an open redirect (https://cwe.mitre.org/data/definitions/601.html) attack or to an SSRF...
DEBIAN-CVE-2024-22259
Applications that use UriComponentsBuilder in Spring Framework to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to an open redirect (https://cwe.mitre.org/data/definitions/601.html) attack or to an SSRF...
CVE-2024-22259
Applications that use UriComponentsBuilder in Spring Framework to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to an open redirect (https://cwe.mitre.org/data/definitions/601.html) attack or to an SSRF...
UBUNTU-CVE-2024-22259
Applications that use UriComponentsBuilder in Spring Framework to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to an open redirect (https://cwe.mitre.org/data/definitions/601.html) attack or to an SSRF...
CVE-2024-22259
Applications that use UriComponentsBuilder in Spring Framework to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to an open redirect (https://cwe.mitre.org/data/definitions/601.html) attack or to an SSRF...
CVE-2024-22259: Spring Framework URL Parsing with Host Validation (2nd report)
Applications that use UriComponentsBuilder in Spring Framework to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to an open redirect (https://cwe.mitre.org/data/definitions/601.html) attack or to an SSRF...
CVE-2024-22259
CVE-2024-22259 affects Spring Framework’s UriComponentsBuilder when parsing an externally provided URL and validating its host, potentially enabling open redirect or SSRF if the URL is used after validation. The CVE has CVSS 3.1 base score 8.1 (HIGH). Connected advisories from Atlassian/Broadcom ...
CVE-2024-22259: Spring Framework URL Parsing with Host Validation (2nd report)
Applications that use UriComponentsBuilder in Spring Framework to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to an open redirect (https://cwe.mitre.org/data/definitions/601.html) attack or to an SSRF...
CVE-2024-22259
Applications that use UriComponentsBuilder in Spring Framework to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to an open redirect (https://cwe.mitre.org/data/definitions/601.html) attack or to an SSRF...
Spring Framework Security Vulnerabilities
Spring Framework is an open source Java and JavaEE application framework from the U.S. Spring team. The framework helps developers build high-quality applications. Spring Framework has a security vulnerability that stems from susceptibility to open redirection attacks...
VMware Spring Framework < 5.3.33, 6.0.x < 6.0.18, 6.1.x < 6.1.5 SSRF Vulnerability - Linux
The VMware Spring Framework is prone to a server-side request forgery (SSRF) vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
VMware Spring Framework < 5.3.33, 6.0.x < 6.0.18, 6.1.x < 6.1.5 SSRF Vulnerability - Windows
The VMware Spring Framework is prone to a server-side request forgery (SSRF) vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
PT-2024-2177 · Unknown +2 · Spring Framework +3
Name of the Vulnerable Software and Affected Versions: Spring Framework versions prior to 6.1.5; Spring Framework versions prior to 6.0.18; Spring Framework versions prior to 5.3.33. Description: The issue exists due to insufficient validation of user-input data in the UriComponentsBuilder component...
This Week in Spring - March 5th, 2024
Hi, Spring fans! Welcome to another exciting roundup of This Week in Spring! I expect many of you are reading this for the first time, especially with Facebook and Instagram being down. People have been exploring all the other lesser-known corners of the web, looking for their daily "doom scroll....
The vulnerability of the Spring Framework software lies in the insufficient validation of data entered by users, which allows attackers to carry out SSRF attacks.
The vulnerability of the Spring Framework exists due to insufficient validation of data entered by users. Exploiting this vulnerability allows a malicious actor to perform an SSRF attack remotely...
CVE-2024-22243
A vulnerability was discovered in Spring Framework. Under certain conditions, an attacker might be able to trigger an open redirect. This issue can simplify the process of conducting a phishing attack against users of the deployment. Mitigation: Mitigation for this issue is either not available or...
CVE-2024-22243: Spring Framework URL Parsing with Host Validation
Applications that use UriComponentsBuilder to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to an open redirect (https://cwe.mitre.org/data/definitions/601.html) attack or to an SSRF attack if the URL is...
CVE-2024-22243: Spring Framework URL Parsing with Host Validation
Applications that use UriComponentsBuilder to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to an open redirect (https://cwe.mitre.org/data/definitions/601.html) attack or to an SSRF attack if the URL is...
Spring Framework Security Vulnerabilities
Spring Framework is an open source Java and JavaEE application framework from the U.S. Spring team. The framework helps developers build high-quality applications. A security vulnerability exists in Spring Framework that stems from susceptibility to open redirection or server-side request forgery...
VMware Spring Framework < 5.3.32, 6.0.x < 6.0.17, 6.1.x < 6.1.4 Open Redirect / SSRF Vulnerability - Windows
The VMware Spring Framework is prone to an open redirect or server-side request forgery (SSRF) vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier:...