CVE-2023-49735 in Tiles정보

요약

\~에 의해 MITRE • 2023. 12. 01.

** UNSUPPORTED WHEN ASSIGNED **

The value set as the DefaultLocaleResolver.LOCALE_KEY attribute on the session was not validated while resolving XML definition files, leading to possible path traversal and eventually SSRF/XXE when passing user-controlled data to this key. Passing user-controlled data to this key may be relatively common, as it was also used like that to set the language in the 'tiles-test' application shipped with Tiles.

This issue affects Apache Tiles from version 2 onwards.

NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

예약하다

2023. 11. 30.

모더레이션

수락

항목

VDB-246570

EPSS

0.01345

출처

Want to know what is going to be exploited?

We predict KEV entries!