Spring Framework Security Update Advisory (CVE-2024-22243)

Overview

An update has been made available to fix vulnerabilities in the Spring Framework. Users of affected versions are advised to update to the latest version.

Affected Products

Spring Framework

  • 6.1.0 – 6.1.3
  • 6.0.0 – 6.0.16
  • 5.3.0 – 5.3.31
  • older unsupported versions


Resolved Vulnerabilities

Open Redirect and SSRF vulnerabilities in the Spring Framework when UriComponentsBuilder is used to parse and validate externally supplied URLs, for example when the parsed host is checked against an allowlist (CVE-2024-22243)

Vulnerability Patches

Vulnerability patches were made available in the February 21, 2024 update. Please follow the referenced sites to update to the latest patched version.

Spring Framework

  • 6.1.4
  • 6.0.17
  • 5.3.32
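
The version ranges above, encoded as a small checker so an inventory of Spring Framework artifacts can be classified as affected, fixed, or out of support. This is an added example for this advisory, not code from the Spring project; the dependency-tree lines it scans are constructed to mimic `mvn dependency:tree` output.

```python
import re

# Ranges from the advisory, keyed by branch: (first affected, last affected, fixed version).
AFFECTED_BRANCHES = {
    (6, 1): ((6, 1, 0), (6, 1, 3), (6, 1, 4)),
    (6, 0): ((6, 0, 0), (6, 0, 16), (6, 0, 17)),
    (5, 3): ((5, 3, 0), (5, 3, 31), (5, 3, 32)),
}
OLDEST_SUPPORTED = (5, 3, 0)  # anything below this is an unsupported line with no patch


def parse_version(text):
    """Parse 'MAJOR.MINOR.PATCH' into a tuple of ints.
    Qualifiers such as '6.1.3.RELEASE' or '6.1.4-SNAPSHOT' are ignored."""
    m = re.match(r"^(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(x) for x in m.groups())


def assess(version_text):
    """Return (status, recommended_version) where status is
    'affected', 'fixed' or 'unsupported'."""
    v = parse_version(version_text)
    branch = AFFECTED_BRANCHES.get(v[:2])
    if branch is not None:
        first, last, fixed = branch
        if first <= v <= last:
            return "affected", fixed
        return "fixed", None  # patch level at or above the fixed release of this branch
    if v < OLDEST_SUPPORTED:
        # Unsupported lines receive no patch; the advisory's answer is to move to a supported line.
        return "unsupported", (5, 3, 32)
    return "fixed", None  # a branch newer than any listed is outside the affected ranges


# Constructed sample in the shape of `mvn dependency:tree` output (not real project data).
SAMPLE_TREE = """\
[INFO] com.example:demo:jar:1.0
[INFO] +- org.springframework:spring-web:jar:6.1.2:compile
[INFO] |  \\- org.springframework:spring-core:jar:6.1.2:compile
[INFO] \\- junit:junit:jar:4.13.2:test
"""


def find_spring_artifacts(tree_text):
    """Return [(artifact, version), ...] for every org.springframework artifact in a tree dump."""
    pat = re.compile(r"org\.springframework:([\w-]+):jar:([^:\s]+)")
    return [(m.group(1), m.group(2)) for m in pat.finditer(tree_text)]


if __name__ == "__main__":
    for artifact, version in find_spring_artifacts(SAMPLE_TREE):
        print(artifact, version, assess(version))
```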

Referenced Sites

[1] CVE-2024-22243 Detail
https://nvd.nist.gov/vuln/detail/CVE-2024-22243
[2] CVE-2024-22243: Spring Framework URL Parsing with Host Validation
https://spring.io/security/CVE-2024-22243