Spring Framework Open Redirect Vulnerability (CVE-2024-22243)



Article ID: 400374


Updated On: 06-09-2025

Products

VMware Smart Assurance

Issue/Introduction

The user would like to know the impact of CVE-2024-22243, the Spring Framework open redirect vulnerability, on NCM.

Environment

NCM - 10.1.x

Resolution

According to the NVD description of CVE-2024-22243, applications that use 'UriComponentsBuilder' to parse an externally provided URL (e.g. one received through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to an open redirect attack or to an SSRF attack if the URL is used after passing those validation checks. The impacted Spring Framework versions are 6.0.0 - 6.0.16, 6.1.0 - 6.1.3 and 5.3.0 - 5.3.31.

The latest NCM release, 10.1.13, uses Spring Framework 5.3.28. Although that version falls within the affected range, NCM does not use 'UriComponentsBuilder', hence NCM is not impacted by this vulnerability.

NOTE: Spring Framework will be upgraded to 6.1.11 in NCM 24.3.10, which is planned for release in the second week of June 2025.
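To turn the article's two impact criteria (affected Spring Framework version range, and actual use of 'UriComponentsBuilder') into a repeatable triage check, here is an added Python helper. It is not code from the KB article or from the vendor; the `assess` function, its verdict strings and the sample Java snippets are constructed for illustration.

```python
"""Triage helper for CVE-2024-22243 (illustrative, not vendor code).
It applies the article's reasoning: a deployment is only in scope when the
Spring Framework version is inside an affected range AND the application's
code references UriComponentsBuilder at all."""
import re

# Affected ranges from the NVD description quoted in the article (inclusive).
AFFECTED_RANGES = [
    ((5, 3, 0), (5, 3, 31)),
    ((6, 0, 0), (6, 0, 16)),
    ((6, 1, 0), (6, 1, 3)),
]

# Any reference to the class counts as usage; a reviewer then inspects the call sites.
USAGE = re.compile(r"\bUriComponentsBuilder\b")


def parse_version(version: str) -> tuple:
    """Turn '5.3.28' or '6.1.11.RELEASE' into a comparable (major, minor, patch) tuple."""
    m = re.match(r"^\s*(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"unrecognised Spring Framework version: {version!r}")
    return tuple(int(x) for x in m.groups())


def version_in_affected_range(version: str) -> bool:
    v = parse_version(version)
    return any(lo <= v <= hi for lo, hi in AFFECTED_RANGES)


def assess(version: str, source_files: dict) -> str:
    """Verdict for a deployment: 'patched' (version outside all affected ranges),
    'not_impacted' (affected version but no UriComponentsBuilder usage, the article's
    reasoning for NCM) or 'review' (affected version and the class is referenced:
    check how parsed hosts are validated, then upgrade)."""
    if not version_in_affected_range(version):
        return "patched"
    hits = [path for path, text in source_files.items() if USAGE.search(text)]
    return "review" if hits else "not_impacted"


if __name__ == "__main__":
    # Constructed sample source, not taken from any real product: the
    # parse -> validate host -> use pattern the advisory describes.
    redirect_handler = """
        UriComponents uc = UriComponentsBuilder.fromUriString(target).build();
        if (ALLOWED_HOSTS.contains(uc.getHost())) { response.sendRedirect(target); }
    """
    print(assess("5.3.28", {"Redirect.java": redirect_handler}))      # review
    print(assess("5.3.28", {"Util.java": "return new URI(target);"}))  # not_impacted
    print(assess("6.1.11", {"Redirect.java": redirect_handler}))      # patched
```

Point `source_files` at the real code base (path to file contents) and the Spring version from the dependency manifest; a 'review' verdict means the call sites need manual inspection, not that an exploit exists.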