VulnerableCode Package Details - pkg:maven/org.springframework/spring-web@6.1.5

Search for packages

Vulnerability	Summary	Fixed by
VCID-1rv3-3z83-2yd1 Aliases: CVE-2024-22262 GHSA-2wrp-6fg6-hmc5	Spring Framework URL Parsing with Host Validation Applications that use UriComponentsBuilder to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to a open redirect https://cwe.mitre.org/data/definitions/601.html attack or to a SSRF attack if the URL is used after passing validation checks. This is the same as CVE-2024-22259 https://spring.io/security/cve-2024-22259 and CVE-2024-22243 https://spring.io/security/cve-2024-22243 , but with different input.	6.1.6 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-7mrx-1x83-uugp Aliases: CVE-2024-38809 GHSA-2rmj-mq67-h97g	Spring Framework DoS via conditional HTTP request Applications that parse ETags from `If-Match` or `If-None-Match` request headers are vulnerable to DoS attack.	6.1.12 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-1rv3-3z83-2yd1
Aliases:
CVE-2024-22262
GHSA-2wrp-6fg6-hmc5

Spring Framework URL Parsing with Host Validation Applications that use UriComponentsBuilder to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to a open redirect https://cwe.mitre.org/data/definitions/601.html attack or to a SSRF attack if the URL is used after passing validation checks. This is the same as CVE-2024-22259 https://spring.io/security/cve-2024-22259 and CVE-2024-22243 https://spring.io/security/cve-2024-22243 , but with different input.

6.1.6
Affected by 1 other vulnerability.

VCID-7mrx-1x83-uugp
Aliases:
CVE-2024-38809
GHSA-2rmj-mq67-h97g

Spring Framework DoS via conditional HTTP request Applications that parse ETags from `If-Match` or `If-None-Match` request headers are vulnerable to DoS attack.

6.1.12
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-pnme-zmz2-2ubh	Spring Framework URL Parsing with Host Validation Vulnerability Applications that use UriComponentsBuilder in Spring Framework to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to a open redirect https://cwe.mitre.org/data/definitions/601.html attack or to a SSRF attack if the URL is used after passing validation checks. This is the same as CVE-2024-22243 https://spring.io/security/cve-2024-22243, but with different input.	CVE-2024-22259 GHSA-hgjh-9rj2-g67j

Vulnerability

Summary

Aliases

VCID-pnme-zmz2-2ubh

Spring Framework URL Parsing with Host Validation Vulnerability Applications that use UriComponentsBuilder in Spring Framework to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to a open redirect https://cwe.mitre.org/data/definitions/601.html attack or to a SSRF attack if the URL is used after passing validation checks. This is the same as CVE-2024-22243 https://spring.io/security/cve-2024-22243, but with different input.

CVE-2024-22259
GHSA-hgjh-9rj2-g67j

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-06T05:24:28.656652+00:00	GitLab Importer	Affected by	VCID-7mrx-1x83-uugp	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework/spring-web/CVE-2024-38809.yml	38.6.0
2026-06-06T04:49:25.675313+00:00	GitLab Importer	Affected by	VCID-1rv3-3z83-2yd1	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework/spring-web/CVE-2024-22262.yml	38.6.0
2026-06-05T21:41:10.844610+00:00	GHSA Importer	Fixing	VCID-pnme-zmz2-2ubh	https://github.com/advisories/GHSA-hgjh-9rj2-g67j	38.6.0
2026-06-04T16:49:39.319663+00:00	GithubOSV Importer	Fixing	VCID-pnme-zmz2-2ubh	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/03/GHSA-hgjh-9rj2-g67j/GHSA-hgjh-9rj2-g67j.json	38.6.0
2026-06-02T04:47:23.161580+00:00	GitLab Importer	Fixing	VCID-pnme-zmz2-2ubh	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.springframework/spring-web/CVE-2024-22259.yml	38.6.0