CVE-2024-22257 - Open Redirect / Server-side Request Forgery (SSRF)

Severity: None

2024-12-18


Abstract

In Spring Security versions 5.7.x prior to 5.7.12, 5.8.x prior to 5.8.11, 6.0.x prior to 6.0.9, 6.1.x prior to 6.1.8 and 6.2.x prior to 6.2.3, an application is possibly vulnerable to broken access control when it directly calls AuthenticatedVoter#vote passing a null Authentication parameter.
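The following Java class is an added illustration of the defensive check the advisory implies and is not code from Oxygen or from Spring Security itself. It wraps AuthenticatedVoter so that a null Authentication is denied before the delegate is consulted, which is the condition the CVE describes; the class name NullSafeAuthenticatedVoter and the attribute list built in main are assumptions for the demonstration, and spring-security-core is assumed to be on the classpath.

```java
// Added example, not Oxygen's or Spring Security's own code.
// Assumes spring-security-core on the classpath; the class name and the
// demo attribute list are hypothetical.
import java.util.Collection;
import org.springframework.security.access.AccessDecisionVoter;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.access.SecurityConfig;
import org.springframework.security.access.vote.AuthenticatedVoter;
import org.springframework.security.core.Authentication;

public class NullSafeAuthenticatedVoter implements AccessDecisionVoter<Object> {

    // The real voter does the attribute evaluation; this class only guards its input.
    private final AuthenticatedVoter delegate = new AuthenticatedVoter();

    @Override
    public boolean supports(ConfigAttribute attribute) {
        return delegate.supports(attribute);
    }

    @Override
    public boolean supports(Class<?> clazz) {
        return delegate.supports(clazz);
    }

    @Override
    public int vote(Authentication authentication, Object object,
                    Collection<ConfigAttribute> attributes) {
        // A missing Authentication means "nobody is logged in"; it must never be
        // treated as an authenticated principal, so deny before delegating.
        if (authentication == null) {
            return ACCESS_DENIED;
        }
        return delegate.vote(authentication, object, attributes);
    }

    public static void main(String[] args) {
        // Constructed attribute set: the caller demands a fully authenticated user.
        Collection<ConfigAttribute> fullyAuthenticated =
                SecurityConfig.createList(AuthenticatedVoter.IS_AUTHENTICATED_FULLY);
        NullSafeAuthenticatedVoter voter = new NullSafeAuthenticatedVoter();

        // Simulates the CVE condition: vote() invoked with a null Authentication.
        int decision = voter.vote(null, new Object(), fullyAuthenticated);
        System.out.println(decision == ACCESS_DENIED
                ? "null Authentication denied (expected)"
                : "null Authentication granted (unexpected)");
    }
}
```

Upgrading to a fixed Spring Security release is the proper remedy; a guard like this only documents the invariant that callers of a voter API should never hand it a null principal, and it is useful when auditing code that calls AuthenticatedVoter#vote directly.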

The Oxygen products incorporate Spring Security as a third-party library. This advisory was opened to address the potential impact of this third-party library vulnerability.

Affected Products/Versions

Product                              | Severity | Fixed Release Availability
Oxygen Feedback v4.1 and older       | None     | Oxygen Feedback 5.0 build 2024090417
Oxygen Content Fusion v7.0 and older | None     | N/A

Mitigation

None

Detail

CVE-2024-22257

Severity: High

CVSS Score: 8.2

The Spring Security third-party library used by Oxygen XML products is an affected version named in the CVE-2024-22257 vulnerability description. However, Oxygen products do not use AuthenticatedVoter#vote. For that reason, Oxygen products are not affected by this vulnerability.

Starting with Oxygen Feedback v5.0 build 2024090417, Spring Security was updated to a version that fixes this vulnerability.
