/
DirectorySecurity AdvisoriesPricing
Sign In
Security Advisories

CVE-2024-22259

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2024-22259

Severity

Unknown

Description

Applications that use UriComponentsBuilder in Spring Framework to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to a open redirect https://cwe.mitre.org/data/definitions/601.html  attack or to a SSRF attack if the URL is used after passing validation checks.

This is the same as CVE-2024-22243 https://spring.io/security/cve-2024-22243 , but with different input.

References

  • https://images.chainguard.dev/security/CGA-q3hr-q8wm-wcrp
  • https://github.com/advisories/GHSA-hgjh-9rj2-g67j
  • https://images.chainguard.dev/security/CGA-hvcm-wgg5-m9qh
  • https://security.netapp.com/advisory/ntap-20240524-0002/
  • https://spring.io/security/cve-2024-22259
  • https://security-tracker.debian.org/tracker/CVE-2024-22259

Affected packages

Safe Source for Open Sourceâ„¢
Media KitContact Us
© 2025 Chainguard. All Rights Reserved.
Private PolicyTerms of Use

Products

Chainguard ContainersChainguard LibrariesChainguard VMs

Why Chainguard

FedRAMPPCICVE RemediationGolden Images

Customers

Customer StoriesChainguard Love

Company

About UsPricingContact UsOpen SourceCareersNewsroomLegal

Resources

Unchained BlogEventsTrust CenterDocumentation