8 matches found
Path Traversal
org.apache.tiles: tiles-core is vulnerable to Path Traversal. The vulnerability is due to missing validation in the DefaultLocaleResolver.LOCALEKEY attribute set on the session while resolving XML definition files. This can lead to Server Side Request Forgery SSRF or XML External Entity Injection...
Apache Tiles: Unvalidated input may lead to path traversal and XXE
The value set as the DefaultLocaleResolver.LOCALEKEY attribute on the session was not validated while resolving XML definition files, leading to possible path traversal and eventually SSRF/XXE when passing user-controlled data to this key. Passing user-controlled data to this key may be relativel...
CVE-2023-49735
UNSUPPORTED WHEN ASSIGNED The value set as the DefaultLocaleResolver.LOCALEKEY attribute on the session was not validated while resolving XML definition files, leading to possible path traversal and eventually SSRF/XXE when passing user-controlled data to this key. Passing user-controlled data to...
CVE-2023-49735
UNSUPPORTED WHEN ASSIGNED The value set as the DefaultLocaleResolver.LOCALEKEY attribute on the session was not validated while resolving XML definition files, leading to possible path traversal and eventually SSRF/XXE when passing user-controlled data to this key. Passing user-controlled data to...
CVE-2023-49735
UNSUPPORTED WHEN ASSIGNED The value set as the DefaultLocaleResolver.LOCALEKEY attribute on the session was not validated while resolving XML definition files, leading to possible path traversal and eventually SSRF/XXE when passing user-controlled data to this key. Passing user-controlled data to...
CVE-2023-49735 Apache Tiles: Unvalidated input may lead to path traversal and XXE
UNSUPPORTED WHEN ASSIGNED The value set as the DefaultLocaleResolver.LOCALEKEY attribute on the session was not validated while resolving XML definition files, leading to possible path traversal and eventually SSRF/XXE when passing user-controlled data to this key. Passing user-controlled data to...
CVE-2023-49735
CVE-2023-49735 affects Apache Tiles (2 onward). The DefaultLocaleResolver.LOCALE_KEY value, when used to resolve XML definition files, is not validated, enabling path traversal and potentially SSRF/XXE when user-controlled data is supplied. This vulnerability is tied to Tiles usage and is noted a...
CVE-2023-49735 Apache Tiles: Unvalidated input may lead to path traversal and XXE
UNSUPPORTED WHEN ASSIGNED The value set as the DefaultLocaleResolver.LOCALEKEY attribute on the session was not validated while resolving XML definition files, leading to possible path traversal and eventually SSRF/XXE when passing user-controlled data to this key. Passing user-controlled data to...