{"dataType": "CVE_RECORD", "cveMetadata": {"cveId": "CVE-2024-22259", "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "state": "PUBLISHED", "assignerShortName": "vmware", "dateReserved": "2024-01-08T18:43:15.943Z", "datePublished": "2024-03-16T04:40:08.680Z", "dateUpdated": "2025-02-13T17:33:39.598Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "packageName": "Spring Framework", "product": "Spring Framework", "vendor": "Spring", "versions": [{"lessThan": "6.1.5", "status": "affected", "version": "6.1.x", "versionType": "git"}, {"lessThan": "6.0.18", "status": "affected", "version": "6.0.x", "versionType": "git"}, {"lessThan": "5.3.33", "status": "affected", "version": "5.3.x", "versionType": "git"}]}], "datePublic": "2024-03-15T10:36:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Applications that use <code>UriComponentsBuilder in Spring Framework</code>&nbsp;to parse an externally provided URL (e.g. through a query parameter) <em>AND</em>&nbsp;perform validation checks on the host of the parsed URL may be vulnerable to a <a target=\"_blank\" rel=\"nofollow\" href=\"https://cwe.mitre.org/data/definitions/601.html\">open redirect</a>&nbsp;attack or to a SSRF attack if the URL is used after passing validation checks.</p><p>This is the same as <a target=\"_blank\" rel=\"nofollow\" href=\"https://spring.io/security/cve-2024-22243\">CVE-2024-22243</a>, but with different input.</p><br>"}], "value": "Applications that use UriComponentsBuilder in Spring Framework\u00a0to parse an externally provided URL (e.g. through a query parameter) AND\u00a0perform validation checks on the host of the parsed URL may be vulnerable to a open redirect https://cwe.mitre.org/data/definitions/601.html \u00a0attack or to a SSRF attack if the URL is used after passing validation checks.\n\nThis is the same as CVE-2024-22243 https://spring.io/security/cve-2024-22243 , but with different input."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "providerMetadata": {"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "shortName": "vmware", "dateUpdated": "2024-06-10T18:08:02.696Z"}, "references": [{"url": "https://spring.io/security/cve-2024-22259"}, {"url": "https://security.netapp.com/advisory/ntap-20240524-0002/"}], "source": {"discovery": "UNKNOWN"}, "title": "CVE-2024-22259: Spring Framework URL Parsing with Host Validation (2nd report)", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-601", "lang": "en", "description": "CWE-601 URL Redirection to Untrusted Site ('Open Redirect')"}]}], "affected": [{"vendor": "vmware", "product": "spring_framework", "cpes": ["cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "6.1.0", "status": "affected", "lessThan": "6.1.5", "versionType": "custom"}, {"version": "6.0.0", "status": "affected", "lessThan": "6.0.18", "versionType": "custom"}, {"version": "5.3.0", "status": "affected", "lessThan": "5.3.33", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-08-27T03:55:11.965544Z", "id": "CVE-2024-22259", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-27T13:56:18.445Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T22:43:34.152Z"}, "title": "CVE Program Container", "references": [{"url": "https://spring.io/security/cve-2024-22259", "tags": ["x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20240524-0002/", "tags": ["x_transferred"]}]}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://spring.io/security/cve-2024-22259", "tags": ["x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20240524-0002/", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T22:43:34.152Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-22259", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-08-27T03:55:11.965544Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*"], "vendor": "vmware", "product": "spring_framework", "versions": [{"status": "affected", "version": "6.1.0", "lessThan": "6.1.5", "versionType": "custom"}, {"status": "affected", "version": "6.0.0", "lessThan": "6.0.18", "versionType": "custom"}, {"status": "affected", "version": "5.3.0", "lessThan": "5.3.33", "versionType": "custom"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-601", "description": "CWE-601 URL Redirection to Untrusted Site ('Open Redirect')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-03T15:20:34.139Z"}}], "cna": {"title": "CVE-2024-22259: Spring Framework URL Parsing with Host Validation (2nd report)", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Spring", "product": "Spring Framework", "versions": [{"status": "affected", "version": "6.1.x", "lessThan": "6.1.5", "versionType": "git"}, {"status": "affected", "version": "6.0.x", "lessThan": "6.0.18", "versionType": "git"}, {"status": "affected", "version": "5.3.x", "lessThan": "5.3.33", "versionType": "git"}], "packageName": "Spring Framework", "defaultStatus": "affected"}], "datePublic": "2024-03-15T10:36:00.000Z", "references": [{"url": "https://spring.io/security/cve-2024-22259"}, {"url": "https://security.netapp.com/advisory/ntap-20240524-0002/"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Applications that use UriComponentsBuilder in Spring Framework\u00a0to parse an externally provided URL (e.g. through a query parameter) AND\u00a0perform validation checks on the host of the parsed URL may be vulnerable to a open redirect https://cwe.mitre.org/data/definitions/601.html \u00a0attack or to a SSRF attack if the URL is used after passing validation checks.\n\nThis is the same as CVE-2024-22243 https://spring.io/security/cve-2024-22243 , but with different input.\n\n", "supportingMedia": [{"type": "text/html", "value": "<p>Applications that use <code>UriComponentsBuilder in Spring Framework</code>&nbsp;to parse an externally provided URL (e.g. through a query parameter) <em>AND</em>&nbsp;perform validation checks on the host of the parsed URL may be vulnerable to a <a target=\"_blank\" rel=\"nofollow\" href=\"https://cwe.mitre.org/data/definitions/601.html\">open redirect</a>&nbsp;attack or to a SSRF attack if the URL is used after passing validation checks.</p><p>This is the same as <a target=\"_blank\" rel=\"nofollow\" href=\"https://spring.io/security/cve-2024-22243\">CVE-2024-22243</a>, but with different input.</p><br>", "base64": false}]}], "providerMetadata": {"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "shortName": "vmware", "dateUpdated": "2024-03-16T04:40:08.680Z"}}}, "cveMetadata": {"cveId": "CVE-2024-22259", "state": "PUBLISHED", "dateUpdated": "2024-08-27T13:56:18.445Z", "dateReserved": "2024-01-08T18:43:15.943Z", "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "datePublished": "2024-03-16T04:40:08.680Z", "assignerShortName": "vmware"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*", "matchCriteriaId": "265CE42F-68C0-46AD-80E8-382D052833E6", "versionEndExcluding": "5.3.33", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*", "matchCriteriaId": "1C1F744C-2328-45FA-BA6F-EAC3AA1E4FC6", "versionEndExcluding": "6.0.18", "versionStartIncluding": "6.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*", "matchCriteriaId": "D4C4F614-8E7A-4FFE-BC70-1728739E8E3C", "versionEndExcluding": "6.1.5", "versionStartIncluding": "6.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:linux:*:*", "matchCriteriaId": "F3E0B672-3E06-4422-B2A4-0BD073AEC2A1", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*", "matchCriteriaId": "B55E8D50-99B4-47EC-86F9-699B67D473CE", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Applications that use UriComponentsBuilder in Spring Framework\u00a0to parse an externally provided URL (e.g. through a query parameter) AND\u00a0perform validation checks on the host of the parsed URL may be vulnerable to a open redirect https://cwe.mitre.org/data/definitions/601.html \u00a0attack or to a SSRF attack if the URL is used after passing validation checks.\n\nThis is the same as CVE-2024-22243 https://spring.io/security/cve-2024-22243 , but with different input."}, {"lang": "es", "value": "Las aplicaciones que utilizan UriComponentsBuilder en Spring Framework para analizar una URL proporcionada externamente (por ejemplo, a trav\u00e9s de un par\u00e1metro de consulta) Y realizan comprobaciones de validaci\u00f3n en el host de la URL analizada pueden ser vulnerables a una redirecci\u00f3n abierta https://cwe.mitre.org/data/ definiciones/601.html o a un ataque SSRF si la URL se utiliza despu\u00e9s de pasar las comprobaciones de validaci\u00f3n. Esto es lo mismo que CVE-2024-22243 https://spring.io/security/cve-2024-22243, pero con entradas diferentes."}], "id": "CVE-2024-22259", "lastModified": "2025-06-10T15:55:48.787", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.2, "source": "[email protected]", "type": "Secondary"}]}, "published": "2024-03-16T05:15:20.830", "references": [{"source": "[email protected]", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20240524-0002/"}, {"source": "[email protected]", "tags": ["Vendor Advisory"], "url": "https://spring.io/security/cve-2024-22259"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20240524-0002/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://spring.io/security/cve-2024-22259"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-601"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2024:2945", "cpe": "cpe:/a:redhat:amq_broker:7.12", "package": "springframework", "product_name": "Red Hat AMQ Broker 7", "release_date": "2024-05-21T00:00:00Z"}], "bugzilla": {"description": "springframework: URL Parsing with Host Validation", "id": "2269846", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2269846"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.1", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "status": "verified"}, "cwe": "CWE-601", "details": ["Applications that use UriComponentsBuilder in Spring Framework\u00a0to parse an externally provided URL (e.g. through a query parameter) AND\u00a0perform validation checks on the host of the parsed URL may be vulnerable to a open redirect https://cwe.mitre.org/data/definitions/601.html \u00a0attack or to a SSRF attack if the URL is used after passing validation checks.\nThis is the same as CVE-2024-22243 https://spring.io/security/cve-2024-22243 , but with different input.", "A vulnerability was found in Spring Framework. Affected versions of this package are vulnerable to an Open Redirect when using UriComponentsBuilder to parse an externally provided URL and perform validation checks on the host of the parsed URL."], "name": "CVE-2024-22259", "package_state": [{"cpe": "cpe:/a:redhat:a_mq_clients:2", "fix_state": "Not affected", "package_name": "springframework", "product_name": "A-MQ Clients 2"}, {"cpe": "cpe:/a:redhat:camel_spring_boot:3", "fix_state": "Not affected", "package_name": "springframework", "product_name": "Red Hat build of Apache Camel for Spring Boot 3"}, {"cpe": "cpe:/a:redhat:camel_spring_boot:4", "fix_state": "Affected", "impact": "low", "package_name": "springframework", "product_name": "Red Hat build of Apache Camel for Spring Boot 4"}, {"cpe": "cpe:/a:redhat:apache_camel_hawtio:4", "fix_state": "Not affected", "package_name": "springframework", "product_name": "Red Hat build of Apache Camel - HawtIO 4"}, {"cpe": "cpe:/a:redhat:build_keycloak:", "fix_state": "Not affected", "impact": "low", "package_name": "springframework", "product_name": "Red Hat Build of Keycloak"}, {"cpe": "cpe:/a:redhat:optaplanner:::el6", "fix_state": "Fix deferred", "impact": "low", "package_name": "springframework", "product_name": "Red Hat build of OptaPlanner 8"}, {"cpe": "cpe:/a:redhat:jboss_data_grid:8", "fix_state": "Not affected", "package_name": "springframework", "product_name": "Red Hat Data Grid 8"}, {"cpe": "cpe:/a:redhat:jboss_fuse:7", "fix_state": "Affected", "package_name": "springframework", "product_name": "Red Hat Fuse 7"}, {"cpe": "cpe:/a:redhat:integration:1", "fix_state": "Not affected", "package_name": "springframework", "product_name": "Red Hat Integration Camel K 1"}, {"cpe": "cpe:/a:redhat:jboss_data_grid:7", "fix_state": "Not affected", "package_name": "springframework", "product_name": "Red Hat JBoss Data Grid 7"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7", "fix_state": "Not affected", "package_name": "springframework", "product_name": "Red Hat JBoss Enterprise Application Platform 7"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8", "fix_state": "Not affected", "package_name": "springframework", "product_name": "Red Hat JBoss Enterprise Application Platform 8"}, {"cpe": "cpe:/a:redhat:jbosseapxp", "fix_state": "Not affected", "package_name": "springframework", "product_name": "Red Hat JBoss Enterprise Application Platform Expansion Pack"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_bpms_platform:7", "fix_state": "Fix deferred", "impact": "low", "package_name": "springframework", "product_name": "Red Hat Process Automation 7"}, {"cpe": "cpe:/a:redhat:red_hat_single_sign_on:7", "fix_state": "Not affected", "package_name": "springframework", "product_name": "Red Hat Single Sign-On 7"}, {"cpe": "cpe:/a:redhat:openshift_application_runtimes:1.0", "fix_state": "Not affected", "package_name": "springframework", "product_name": "Red Hat support for Spring Boot"}, {"cpe": "cpe:/a:redhat:amq_streams:1", "fix_state": "Not affected", "package_name": "springframework", "product_name": "streams for Apache Kafka"}], "public_date": "2024-03-16T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-22259\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-22259\nhttps://spring.io/security/cve-2024-22259"], "threat_severity": "Important"}