3 matches found
Apache Tiles: Unvalidated input may lead to path traversal and XXE
The value set as the DefaultLocaleResolver.LOCALEKEY attribute on the session was not validated while resolving XML definition files, leading to possible path traversal and eventually SSRF/XXE when passing user-controlled data to this key. Passing user-controlled data to this key may be relativel...
CVE-2023-49735
UNSUPPORTED WHEN ASSIGNED The value set as the DefaultLocaleResolver.LOCALEKEY attribute on the session was not validated while resolving XML definition files, leading to possible path traversal and eventually SSRF/XXE when passing user-controlled data to this key. Passing user-controlled data to...
org.apache.tiles:tiles-assembly (>=2.1.0 <=2.1.1), org.apache.tiles:tiles-compat (>=2.1.0 <=2.1.1) +5 more potentially affected by CVE-2009-1275 via org.apache.tiles:tiles-core (>=2.1.0 <=2.1.1)
org.apache.tiles:tiles-core MAVEN version =2.1.0, =2.1.0, =2.1.0, =2.1.0, =2.1.0, =2.1.0, =2.1.0, =2.1.1 - org.parancoe:parancoe-plugin-tiles =2.0.1 Source cves: CVE-2009-1275 Source advisory: OSV:GHSA-2C6Q-RGVJ-66RX...