julz0815 / test-action

CVE: 2024-22262 found in Spring Web - Version: 4.3.10.RELEASE [JAVA] #1151

Open github-actions[bot] opened 2 hours ago

github-actions[bot] commented 2 hours ago

Veracode Software Composition Analysis

| Attribute | Details |
| --- | --- |
| Library | Spring Web |
| Description | Spring Web |
| Language | JAVA |
| Vulnerability | Open Redirect |
| Vulnerability description | org.springframework: spring-web is vulnerable to Open Redirect. The vulnerability is caused by improper validation checks on the host of the parsed URL, which could lead to potential SSRF attacks if the URL is utilized post-validation. |
| CVE | 2024-22262 |
| CVSS score | 7.8 |
| Vulnerability present in version/s | 3.1.0.M1-5.3.33 |
| Found library version/s | 4.3.10.RELEASE |
| Vulnerability fixed in version | 5.3.34 |
| Library latest version | 6.2.0-RC1 |
| Fix | Please update to 5.3.34 |

Links: