XiaoYou201 opened a new pull request, #10148:
URL: https://github.com/apache/inlong/pull/10148

   ### Prepare a Pull Request
   
   - [INLONG-XYZ][Component] Title of the pull request 
   
   Fixes #10145 
   
   ### Motivation
   
   Applications that use UriComponentsBuilder to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to an open redirect (https://cwe.mitre.org/data/definitions/601.html) attack or to an SSRF attack if the URL is used after passing validation checks.
   
   This is the same as https://github.com/advisories/GHSA-hgjh-9rj2-g67j https://spring.io/security/cve-2024-22259 and https://github.com/advisories/GHSA-ccgv-vj62-xf9h https://spring.io/security/cve-2024-22243, but with different input.
   
   https://spring.io/security/cve-2024-22262 has a clear description.
   
   This issue was fixed in 5.3.34; bumping to this version could solve this.
   
   
   
   ### Modifications
   
   Change spring version 5.3.32 to 5.3.34.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
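
Added example, not part of the pull request or of InLong's code: a defence-in-depth host check for externally supplied URLs that parses once with `java.net.URI`, rejects ambiguous forms, and hands back a URL rebuilt from the checked components so the raw string is never reused after validation. The class name, the allowlisted hosts and the sample inputs are assumptions constructed for illustration; the example does not reproduce the advisory's input, and it complements the upgrade to 5.3.34 rather than replacing it.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Locale;
import java.util.Optional;
import java.util.Set;

public class RedirectTargetValidator {
    // Assumption: the only hosts this application may redirect to or fetch from.
    private static final Set<String> ALLOWED_HOSTS = Set.of("inlong.example.org", "docs.example.org");

    /** Returns a URI rebuilt from the validated components, or empty if the input is rejected. */
    static Optional<URI> validate(String external) {
        if (external == null || external.length() > 2048) return Optional.empty();
        for (int i = 0; i < external.length(); i++) {
            char c = external.charAt(i);
            // Whitespace, control, non-ASCII and backslash are handled differently across URL parsers.
            if (c <= 0x20 || c >= 0x7f || c == '\\') return Optional.empty();
        }
        try {
            URI parsed = new URI(external).parseServerAuthority().normalize();
            String host = parsed.getHost();
            if (!"https".equalsIgnoreCase(parsed.getScheme())) return Optional.empty();
            if (host == null || parsed.getRawUserInfo() != null) return Optional.empty();
            if (parsed.getPort() != -1 && parsed.getPort() != 443) return Optional.empty();
            host = host.toLowerCase(Locale.ROOT);
            if (!ALLOWED_HOSTS.contains(host)) return Optional.empty();
            // Rebuild from the checked parts; the fragment and the default port are dropped.
            StringBuilder sb = new StringBuilder("https://").append(host);
            if (parsed.getRawPath() != null) sb.append(parsed.getRawPath());
            if (parsed.getRawQuery() != null) sb.append('?').append(parsed.getRawQuery());
            return Optional.of(new URI(sb.toString()));
        } catch (URISyntaxException e) {
            return Optional.empty();
        }
    }

    public static void main(String[] args) {
        // Constructed sample inputs: the first two are accepted, the rest are rejected.
        String[] samples = {
            "https://inlong.example.org/dashboard?tab=1", "https://INLONG.example.org:443/a/../b",
            "http://inlong.example.org/", "https://user@inlong.example.org/",
            "https://other.example.net/", "/relative/path"
        };
        for (String s : samples) {
            System.out.println(s + " -> " + validate(s).map(URI::toString).orElse("REJECTED"));
        }
    }
}
```

Callers should redirect to or fetch only the returned `URI`, never the original string, so the value that was checked is the value that is used.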
