Vulnerabilities > Apache > Tiles > High

DATE CVE VULNERABILITY TITLE RISK
2023-11-30 CVE-2023-49735 Unspecified vulnerability in Apache Tiles 2.0
** UNSUPPORTED WHEN ASSIGNED ** The value set as the DefaultLocaleResolver.LOCALE_KEY attribute on the session was not validated while resolving XML definition files, leading to possible path traversal and eventually SSRF/XXE when passing user-controlled data to this key.
network
low complexity
apache
7.5