2 matches found
CVE-2024-22262
CVE-2024-22262 concerns Spring Framework URL parsing via UriComponentsBuilder, where parsing an externally supplied URL and validating its host may enable an open redirect or an SSRF if used after validation. Connected advisories reiterate the same input pattern and tie the CVE to Spring Web depe...
CVE-2024-22259
Applications that use UriComponentsBuilder in Spring Framework to parse an externally provided URL e.g. through a query parameter AND perform validation checks on the host of the parsed URL may be vulnerable to a open redirect https://cwe.mitre.org/data/definitions/601.html attack or to a SSRF...