Applications that use UriComponentsBuilder to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to a open redirect attack or to a SSRF attack if the URL is used after passing validation checks. This is the same as CVE-2024-22259 and CVE-2024-22243, but with different input. Upstream advisory: https://spring.io/security/cve-2024-22262
This issue has been addressed in the following products: Red Hat build of Apache Camel 3.20.6 for Spring Boot Via RHSA-2024:3708 https://access.redhat.com/errata/RHSA-2024:3708
Red Hat Fuse 7 does not use the affected function, but the function is still available for user convenience which demands one to validate the input.