Sign In

CVE-2024-22243

ADVISORY - github

Summary

Applications that use UriComponentsBuilder to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to a open redirect attack or to a SSRF attack if the URL is used after passing validation checks.

EPSS Score: 0.00061 (0.287)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-601

URL Redirection to Untrusted Site ('Open Redirect')

ADVISORY - github

CWE-601

URL Redirection to Untrusted Site ('Open Redirect')

ADVISORY - gitlab

CWE-1035

OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

CWE-601

URL Redirection to Untrusted Site ('Open Redirect')

CWE-937

OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

ADVISORY - redhat

CWE-601

URL Redirection to Untrusted Site ('Open Redirect')

Impacted images

Advisories
Sign in to Docker Scout

See which of your images are affected by this CVE and how to fix them by signing into Docker Scout.

Sign in