CVE-2024-22259 — Open Redirect in Spring Framework

CWE-601 — Open Redirect12 documents8 sources

Severity

8.1HIGHNVD

EPSS

56.4%

top 1.88%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Spring Framework Vmware Spring Framework

Timeline

PublishedMar 16

Latest updateJul 15

Description

Applications that use UriComponentsBuilder in Spring Framework to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to a open redirect https://cwe.mitre.org/data/definitions/601.html attack or to a SSRF attack if the URL is used after passing validation checks. This is the same as CVE-2024-22243 https://spring.io/security/cve-2024-22243 , but with different input.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:NExploitability: 2.8 | Impact: 5.2

Affected Packages2 packages

▶CVEListV5spring/spring_framework6.1.x — 6.1.5+2

▶NVDvmware/spring_framework6.0.0 — 6.0.18+2

🔴Vulnerability Details

GHSA

Spring Framework URL Parsing with Host Validation↗2024-04-16

▶

CVEList

CVE-2024-22259: Spring Framework URL Parsing with Host Validation (2nd report)↗2024-03-16

▶

OSV

Spring Framework URL Parsing with Host Validation Vulnerability↗2024-03-16

▶

GHSA

Spring Framework URL Parsing with Host Validation Vulnerability↗2024-03-16

▶

OSV

CVE-2024-22259: Applications that use UriComponentsBuilder in Spring Framework to parse an externally provided URL (e↗2024-03-16

▶

📋Vendor Advisories

Oracle

Oracle Oracle Fusion Middleware Risk Matrix: Third Party (Spring Framework) — CVE-2024-22259↗2024-07-15

▶

Red Hat

springframework: URL Parsing with Host Validation↗2024-04-16

▶

Oracle

Oracle Oracle Communications Risk Matrix: Configuration (Spring Web Services) — CVE-2024-22259↗2024-04-15

▶

Red Hat

springframework: URL Parsing with Host Validation↗2024-03-16

▶

Debian

CVE-2024-22259: libspring-java - Applications that use UriComponentsBuilder in Spring Framework to parse an exter...↗2024

▶