Get ahead
VMware offers training and certification to turbo-charge your progress.
Learn moreApplications that use UriComponentsBuilder to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to a open redirect attack or to a SSRF attack if the URL is used after passing validation checks.
Spring Framework:
| Fix version | Availability |
|---|---|
| 6.1.4 | OSS |
| 6.0.17 | OSS |
| 5.3.32 | OSS |
No further mitigation steps are necessary.
The issue was identified and responsibly reported by Sean Pesce from Motorola Solutions.
To report a security vulnerability for a project within the Spring portfolio, see the Security Policy