Security Bulletin: IBM OpenPages for Cloud Pak for Data is Vulnerable to Multiple Spring Framework Vulnerabilities (CVE-2016-1000027,CVE-2024-22243,CVE-2024-22259,CVE-2024-38809,CVE-2024-22262,CVE-2024-38820,CVE-2024-38828)

Summary Spring MVC controller vulnerable to potential remote code execution RCE , DoS attack and DataBinder Case Sensitive Match Exception. Applications that use UriComponentsBuilder to parse an externally provided URL may be vulnerable to a open redirect...

Linux Distros Unpatched Vulnerability : CVE-2024-22243

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Applications that use UriComponentsBuilder to parse an externally provided URL e.g. through a query parameter AND perform validation checks on the host of the...

Linux Distros Unpatched Vulnerability : CVE-2024-22259

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Applications that use UriComponentsBuilder in Spring Framework to parse an externally provided URL e.g. through a query parameter AND perform validation checks ...

springframework: URL Parsing with Host Validation

A flaw was found in the Spring Framework. Applications that use UriComponentsBuilder to parse an externally provided URL, for example, through a query parameter, and perform validation checks on the host of the parsed URL may be vulnerable to an open redirect attack or an SSRF attack if the URL i...

springframework: URL Parsing with Host Validation

A vulnerability was found in Spring Framework. Affected versions of this package are vulnerable to an Open Redirect when using UriComponentsBuilder to parse an externally provided URL and perform validation checks on the host of the parsed URL...

UBUNTU-CVE-2024-22262

Applications that use UriComponentsBuilder to parse an externally provided URL e.g. through a query parameter AND perform validation checks on the host of the parsed URL may be vulnerable to a open redirect https://cwe.mitre.org/data/definitions/601.html attack or to a SSRF attack if the URL is...

PT-2024-2941 · Unknown +2 · Spring Framework +4

Name of the Vulnerable Software and Affected Versions: Spring Framework versions prior to 5.3.34 Spring Framework versions prior to 6.0.19 Spring Framework versions prior to 6.1.6 Description: The issue exists due to insufficient validation of user-input data in the UriComponentsBuilder component...

DEBIAN-CVE-2024-22259

Applications that use UriComponentsBuilder in Spring Framework to parse an externally provided URL e.g. through a query parameter AND perform validation checks on the host of the parsed URL may be vulnerable to a open redirect https://cwe.mitre.org/data/definitions/601.html attack or to a SSRF...

UBUNTU-CVE-2024-22259

Applications that use UriComponentsBuilder in Spring Framework to parse an externally provided URL e.g. through a query parameter AND perform validation checks on the host of the parsed URL may be vulnerable to a open redirect https://cwe.mitre.org/data/definitions/601.html attack or to a SSRF...

GHSA-CCGV-VJ62-XF9H Spring Web vulnerable to Open Redirect or Server Side Request Forgery

Applications that use UriComponentsBuilder to parse an externally provided URL e.g. through a query parameter AND perform validation checks on the host of the parsed URL may be vulnerable to a open redirect attack or to a SSRF attack if the URL is used after passing validation checks...

UBUNTU-CVE-2024-22243

Applications that use UriComponentsBuilder to parse an externally provided URL e.g. through a query parameter AND perform validation checks on the host of the parsed URL may be vulnerable to a open redirect https://cwe.mitre.org/data/definitions/601.html attack or to a SSRF attack if the URL is...