Sign In

CVE-2024-22262

ADVISORY - github

Summary

Applications that use UriComponentsBuilder to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to a open redirect https://cwe.mitre.org/data/definitions/601.html  attack or to a SSRF attack if the URL is used after passing validation checks.

This is the same as CVE-2024-22259 https://spring.io/security/cve-2024-22259  and CVE-2024-22243 https://spring.io/security/cve-2024-22243 , but with different input.

EPSS Score: 0.00061 (0.287)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-601

URL Redirection to Untrusted Site ('Open Redirect')

CWE-918

Server-Side Request Forgery (SSRF)

ADVISORY - github

CWE-601

URL Redirection to Untrusted Site ('Open Redirect')

ADVISORY - gitlab

CWE-1035

OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

CWE-601

URL Redirection to Untrusted Site ('Open Redirect')

CWE-937

OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

ADVISORY - redhat

CWE-601

URL Redirection to Untrusted Site ('Open Redirect')

Impacted images

Advisories
Sign in to Docker Scout

See which of your images are affected by this CVE and how to fix them by signing into Docker Scout.

Sign in