-
Notifications
You must be signed in to change notification settings - Fork 12.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Upgrade Spring to 5.3.34 to fix CVE-2024-22262 #11980
Labels
dependencies
Pull requests that update a dependency file
Comments
cxhello
added a commit
to cxhello/nacos
that referenced
this issue
Apr 19, 2024
cxhello
added a commit
to cxhello/nacos
that referenced
this issue
Apr 19, 2024
5 tasks
cxhello
added a commit
to cxhello/nacos
that referenced
this issue
Apr 23, 2024
5 tasks
KomachiSion
pushed a commit
that referenced
this issue
Apr 24, 2024
syshenyao
pushed a commit
to syshenyao/nacos
that referenced
this issue
Apr 25, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Applications that use UriComponentsBuilder to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to a open redirect attack or to a SSRF attack if the URL is used after passing validation checks.
This is the same as [CVE-2024-22259]and [CVE-2024-22243]but with different input.
The text was updated successfully, but these errors were encountered: