Description

Applications that use UriComponentsBuilder to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to a open redirect https://cwe.mitre.org/data/definitions/601.html  attack or to a SSRF attack if the URL is used after passing validation checks. This is the same as CVE-2024-22259 https://spring.io/security/cve-2024-22259  and CVE-2024-22243 https://spring.io/security/cve-2024-22243 , but with different input.

INFO

Published Date :

2024-04-16T05:54:12.786Z

Last Modified :

2025-02-13T17:33:40.239Z

Source :

vmware
AFFECTED PRODUCTS

The following products are affected by CVE-2024-22262 vulnerability.

Vendors Products
Redhat
  • Apache Camel Spring Boot
REFERENCES

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact