#VU120878 Path traversal in Tiles - CVE-2023-49735

 

Published: January 2, 2026


Vulnerability identifier: #VU120878
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:L/SI:L/SA:N/E:U/U:Amber
CVE-ID: CVE-2023-49735
CWE-ID: CWE-22
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software:
Tiles
Software vendor:
Apache Foundation

Description

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to an input validation error when processing directory traversal sequences in the DefaultLocaleResolver.LOCALE_KEY attribute while resolving XML definition files. A remote attacker can send a specially crafted HTTP request and read arbitrary files on the system or perform XXE attacks.
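The following is an added example, not code from this advisory or from the Tiles project, showing one way an application can validate a request-supplied locale before storing it under DefaultLocaleResolver.LOCALE_KEY. The class name `SafeLocale`, the supported-locale set and the sample inputs are assumptions constructed for illustration.

```java
import java.util.Locale;
import java.util.Optional;
import java.util.Set;
import java.util.regex.Pattern;

/** Hypothetical helper: strict allowlist parsing of a locale string taken from a request. */
public final class SafeLocale {

    // Assumption: the locales this application actually ships definition files for.
    private static final Set<Locale> SUPPORTED =
            Set.of(Locale.ENGLISH, Locale.FRENCH, Locale.forLanguageTag("pt-BR"));

    // Language of 2-3 letters, optional region of 2 letters or 3 digits.
    // Path separators, dots and any other characters never match.
    private static final Pattern SHAPE =
            Pattern.compile("^[A-Za-z]{2,3}(?:[-_](?:[A-Za-z]{2}|[0-9]{3}))?$");

    private SafeLocale() { }

    /** Returns a supported Locale, or empty when the input is malformed or not on the allowlist. */
    public static Optional<Locale> parse(String raw) {
        if (raw == null || !SHAPE.matcher(raw).matches()) {
            return Optional.empty();
        }
        // forLanguageTag normalises case; the Locale constructors perform no syntactic checks,
        // so they are not used on request data here.
        Locale candidate = Locale.forLanguageTag(raw.replace('_', '-'));
        return SUPPORTED.contains(candidate) ? Optional.of(candidate) : Optional.empty();
    }

    public static void main(String[] args) {
        // Constructed sample inputs: three well-formed tags and three that must be rejected.
        String[] samples = {"en", "pt_BR", "fr-FR", "../../WEB-INF/web", "en/../x", "de"};
        for (String s : samples) {
            String result = parse(s).map(Locale::toLanguageTag).orElse("rejected");
            System.out.printf("%-20s -> %s%n", s, result);
        }
        // In a web application the caller would store only an accepted value, for example:
        //   SafeLocale.parse(request.getParameter("lang"))
        //       .ifPresent(l -> session.setAttribute(DefaultLocaleResolver.LOCALE_KEY, l));
    }
}
```

Only `en` and `pt_BR` are accepted in this run; `fr-FR` and `de` are well-formed but not on the allowlist, and the two inputs containing path characters fail the shape check.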


Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.
