Lucene search

GoogleOSV:CVE-2023-49735

HistoryNov 30, 2023 - 10:15 p.m.

CVE-2023-49735

2023-11-3022:15:09

Google

osv.dev

cve-2023-49735

path traversal

ssrf/xxe

xml definition

user-controlled data

tiles

unsupported

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

6.2 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

23.3%

JSON

UNSUPPORTED WHEN ASSIGNED

The value set as the DefaultLocaleResolver.LOCALE_KEY attribute on the session was not validated while resolving XML definition files, leading to possible path traversal and eventually SSRF/XXE when passing user-controlled data to this key. Passing user-controlled data to this key may be relatively common, as it was also used like that to set the language in the ‘tiles-test’ application shipped with Tiles.

This issue affects Apache Tiles from version 2 onwards.

NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

CPENameOperatorVersion
tileseq3.0.7-4
tileseq3.0.7-5

CPE	Name	Operator	Version
	tiles	eq	3.0.7-4
	tiles	eq	3.0.7-5

References

lists.apache.org/thread/8ktm4vxr6vvc1qsxh6ft8jzmom1zl65p

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

6.2 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

23.3%

JSON

Related for OSV:CVE-2023-49735