Spring Product Security Update Advisory (CVE-2024-22262)

Overview

We have released security updates to fix vulnerabilities in Spring products. Users of affected products are advised to update to the latest version.

Affected Products

Spring Framework

  • Versions 6.1.0 – 6.1.5
  • Versions 6.0.0 – 6.0.18
  • Versions 5.3.0 – 5.3.33

Resolved Vulnerabilities

Open redirect vulnerability in applications that use UriComponentsBuilder to parse an externally supplied URL and then validate the host of the parsed URL (CVE-2024-22262)
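The affected pattern, placed beside a safer alternative that does not depend on parsing an attacker-controlled absolute URL. This is an added illustration, not code from the advisory or from the Spring project; the class, method and host names are hypothetical, and it assumes Spring Framework is on the classpath.

```java
import java.util.Map;
import java.util.Set;
import org.springframework.web.util.UriComponents;
import org.springframework.web.util.UriComponentsBuilder;

// Hypothetical helper illustrating the pattern named in the advisory.
public class RedirectTargets {

    // Hypothetical allowlist of hosts this application is willing to redirect to.
    private static final Set<String> TRUSTED_HOSTS = Set.of("app.example.com");

    // Affected pattern: an externally supplied URL (e.g. a query parameter)
    // is parsed with UriComponentsBuilder and only its host is checked.
    // On the affected versions the parsed host may not match where a browser
    // would actually navigate, so a redirect that relies on this check alone
    // is what the advisory describes. Upgrading to the patched version is the fix.
    public static boolean hostLooksTrusted(String externalUrl) {
        UriComponents parsed = UriComponentsBuilder.fromUriString(externalUrl).build();
        String host = parsed.getHost();
        return host != null && TRUSTED_HOSTS.contains(host.toLowerCase());
    }

    // Safer alternative: accept only paths local to this application, so no
    // absolute URL is parsed at all. Scheme-relative references ("//host/...",
    // which browsers treat as a different origin) and backslashes are rejected.
    public static boolean isLocalPath(String target) {
        if (target == null || !target.startsWith("/")) {
            return false;
        }
        if (target.startsWith("//") || target.contains("\\")) {
            return false;
        }
        return true;
    }

    // Alternative for cross-origin destinations: map opaque keys supplied by the
    // client to fixed URLs, so the destination is never taken from the request.
    private static final Map<String, String> NAMED_TARGETS =
            Map.of("dashboard", "https://app.example.com/dashboard");

    public static String resolveNamed(String key) {
        return NAMED_TARGETS.get(key); // null if the key is unknown: do not redirect
    }
}
```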

Vulnerability Patches

Patches are available in the latest releases. Follow the instructions on the referenced sites to update to the patched versions listed below.

Spring Framework

  • Version 6.1.6
  • Version 6.0.19
  • Version 5.3.34

Referenced Sites

[1] CVE-2024-22262: Spring Framework URL Parsing with Host Validation (3rd report)

https://spring.io/security/cve-2024-22262