julz0815/test-action
CVE: 2024-22262 found in Spring Web - Version: 4.3.10.RELEASE [JAVA]
#1151 · Open · github-actions[bot] opened 2 hours ago
github-actions[bot] commented 2 hours ago
Veracode Software Composition Analysis
| Attribute | Details |
| --- | --- |
| Library | Spring Web |
| Description | Spring Web |
| Language | JAVA |
| Vulnerability | Open Redirect |
| Vulnerability description | org.springframework: spring-web is vulnerable to Open Redirect. The vulnerability is caused by improper validation checks on the host of the parsed URL, which could lead to potential SSRF attacks if the URL is utilized post-validation. |
| CVE | 2024-22262 |
| CVSS score | 7.8 |
| Vulnerability present in version/s | 3.1.0.M1-5.3.33 |
| Found library version/s | 4.3.10.RELEASE |
| Vulnerability fixed in version | 5.3.34 |
| Library latest version | 6.2.0-RC1 |
| Fix | Please update to 5.3.34 |
Links:
https://sca.analysiscenter.veracode.com/vulnerability-database/libraries/1104?version=4.3.10.RELEASE
https://sca.analysiscenter.veracode.com/vulnerability-database/vulnerabilities/46494
Patch:
https://github.com/spring-projects/spring-framework/commit/7678286fb3efa7bd7719ffe3055da9ed01e9f2f9