CVE-2024-22243: Spring Framework URL Parsing with Host Validation

Article ID: 366657

Products

CA Release Automation - Release Operations Center (Nolio)

Issue/Introduction

One of the following security vulnerabilities has been detected:

CVE-2024-22243: Spring Framework URL Parsing with Host Validation
https://spring.io/security/cve-2024-22243

CVE-2024-22259: Spring Framework URL Parsing with Host Validation (2nd report)
https://spring.io/security/cve-2024-22259

CVE-2024-22262: Spring Framework URL Parsing with Host Validation (3rd report)
https://spring.io/security/cve-2024-22262

How can this be resolved?

Environment

Release Automation 6.8, 6.9

Resolution

Spring version 5.3.34 will be included in patches 6.8.4 and 6.9.1 (these patches should be published soon, in May/June 2024).
Apply this patch on NAC, NES and Agents.