cve/2023/CVE-2023-49735.md

### [CVE-2023-49735](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49735)
![](https://img.shields.io/static/v1?label=Product&message=Apache%20Tiles&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=2.0.0%3C%20*%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-22%20Improper%20Limitation%20of%20a%20Pathname%20to%20a%20Restricted%20Directory%20('Path%20Traversal')&color=brighgreen)

### Description

** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED **The value set as the DefaultLocaleResolver.LOCALE_KEY attribute on the session was not validated while resolving XML definition files, leading to possible path traversal and eventually SSRF/XXE when passing user-controlled data to this key. Passing user-controlled data to this key may be relatively common, as it was also used like that to set the language in the 'tiles-test' application shipped with Tiles.This issue affects Apache Tiles from version 2 onwards.NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/fkie-cad/nvd-json-data-feeds
- https://github.com/weblegacy/struts1
Update Sat May 25 21:48:12 CEST 2024 2024-05-25 21:48:12 +02:00			`### [CVE-2023-49735](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49735)`
			`![](https://img.shields.io/static/v1?label=Product&message=Apache%20Tiles&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=2.0.0%3C%20*%20&color=brighgreen)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-22%20Improper%20Limitation%20of%20a%20Pathname%20to%20a%20Restricted%20Directory%20('Path%20Traversal')&color=brighgreen)`

			`### Description`

			UNSUPPPORTED WHEN ASSIGNED UNSUPPORTED WHEN ASSIGNED The value set as the DefaultLocaleResolver.LOCALE_KEY attribute on the session was not validated while resolving XML definition files, leading to possible path traversal and eventually SSRF/XXE when passing user-controlled data to this key. Passing user-controlled data to this key may be relatively common, as it was also used like that to set the language in the 'tiles-test' application shipped with Tiles.This issue affects Apache Tiles from version 2 onwards.NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

			`### POC`

			`#### Reference`
			`No PoCs from references.`

			`#### Github`
			`- https://github.com/fkie-cad/nvd-json-data-feeds`
			`- https://github.com/weblegacy/struts1`