4 matches found
CVE-2023-49735
UNSUPPORTED WHEN ASSIGNED The value set as the DefaultLocaleResolver.LOCALEKEY attribute on the session was not validated while resolving XML definition files, leading to possible path traversal and eventually SSRF/XXE when passing user-controlled data to this key. Passing user-controlled data to...
CVE-2023-49735
creationtimestamp| type| source ---|---|--- 2023-12-21 15:11:38+00:00| seen| https://t.me/ctinow/157737...
CVE-2023-49735
UNSUPPORTED WHEN ASSIGNED The value set as the DefaultLocaleResolver.LOCALEKEY attribute on the session was not validated while resolving XML definition files, leading to possible path traversal and eventually SSRF/XXE when passing user-controlled data to this key. Passing user-controlled data to...
CVE-2023-49735
CVE-2023-49735 affects Apache Tiles (2 onward). The DefaultLocaleResolver.LOCALE_KEY value, when used to resolve XML definition files, is not validated, enabling path traversal and potentially SSRF/XXE when user-controlled data is supplied. This vulnerability is tied to Tiles usage and is noted a...