Search for packages
| purl | pkg:maven/org.apache.tiles/tiles-core@2.2.2 |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 4.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-jjre-tuhb-4yat
Aliases: CVE-2023-49735 GHSA-qw4h-3xjj-84cc |
Apache Tiles: Unvalidated input may lead to path traversal and XXE The value set as the DefaultLocaleResolver.LOCALE_KEY attribute on the session was not validated while resolving XML definition files, leading to possible path traversal and eventually SSRF/XXE when passing user-controlled data to this key. Passing user-controlled data to this key may be relatively common, as it was also used like that to set the language in the 'tiles-test' application shipped with Tiles. This issue affects Apache Tiles from version 2 onwards. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | There are no reported fixed by versions. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-16T22:44:32.827258+00:00 | GitLab Importer | Affected by | VCID-jjre-tuhb-4yat | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tiles/tiles-core/CVE-2023-49735.yml | 38.4.0 |
| 2026-04-12T00:04:09.042013+00:00 | GitLab Importer | Affected by | VCID-jjre-tuhb-4yat | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tiles/tiles-core/CVE-2023-49735.yml | 38.3.0 |
| 2026-04-03T00:08:49.525104+00:00 | GitLab Importer | Affected by | VCID-jjre-tuhb-4yat | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.tiles/tiles-core/CVE-2023-49735.yml | 38.1.0 |