CVE-2024-22243: Spring Framework URL Parsing with Host Validation
CVE-2024-22243: Spring Framework URL Parsing with Host Validation Applications that use UriComponentsBuilder to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to a open redirect attack or to a SSRF attack if the URL is used after passing validation checks.
リリース、障害情報などのサービスのお知らせ
最新の人気エントリーの配信
j次のブックマーク
k前のブックマーク
lあとで読む
eコメント一覧を開く
oページを開く
Spring Boot 3.3.1 available now
Spring AI 1.0.0 M1 released
Spring Boot 3.3.0 available now
Spring Batch 5.0.6 and 5.1.2 available now
CVE-2024-22262: Spring Framework URL Parsing with Host Validation (3rd report)
Spring Boot 3.3.0-M3 available now
Spring Framework 6.1.5, 6.0.18 and 5.3.33 Available Now Including Fixes for CVE-2024-22259
Support timeline announcement for Spring Framework 6.0.x and 5.3.x
Spring Boot 3.3.0-M2 available now
Spring Boot 3.3.0-M1 available now
Spring for Apache Pulsar 1.0.2 available now
Spring Web Services 4.0.10 is released
Spring Boot 3.2.1 available now
Spring Boot 3.1.7 available now
Spring Boot 3.2.0 available now
Spring Boot 2.7.16 available now
Spring Boot 3.1.4 available now
Spring Boot 2.7.15 available now
Spring Boot 3.0.10 available now