{"id":"CVE-2024-22243","details":"Applications that use UriComponentsBuilder to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to a  open redirect https://cwe.mitre.org/data/definitions/601.html  attack or to a SSRF attack if the URL is used after passing validation checks.","aliases":["GHSA-ccgv-vj62-xf9h"],"modified":"2026-01-30T02:03:03.852063Z","published":"2024-02-23T05:15:08Z","withdrawn":"2026-01-27T04:20:09.280332Z","related":["CGA-8mhg-rvh5-jcp3"],"references":[{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20240524-0001/"},{"type":"WEB","url":"https://spring.io/security/cve-2024-22243"},{"type":"WEB","url":"http://seclists.org/fulldisclosure/2024/Sep/24"}],"schema_version":"1.7.3"}