CVE-2023-4760

Source
https://cve.org/CVERecord?id=CVE-2023-4760
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-4760.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-4760
Published
2023-09-21T07:35:35.790Z
Modified
2026-07-08T06:18:17.560278584Z
Severity
  • 7.6 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L CVSS Calculator
Summary
Remote Code Execution in Eclipse RAP on Windows
Details

In Eclipse RAP versions from 3.0.0 up to and including 3.25.0, Remote Code Execution is possible on Windows when using the FileUpload component.

The reason for this is a not completely secure extraction of the file name in the FileUploadProcessor.stripFileName(String name) method. As soon as this finds a / in the path, everything before it is removed, but potentially \ (backslashes) coming further back are kept.

For example, a file name such as /....\webapps\shell.war can be used to upload a file to a Tomcat server under Windows, which is then saved as ....\webapps\shell.war in its webapps directory and can then be executed.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/4xxx/CVE-2023-4760.json",
    "cna_assigner": "eclipse",
    "cwe_ids": [
        "CWE-22",
        "CWE-23"
    ]
}
References

Affected packages

Git / github.com/eclipse-rap/org.eclipse.rap

Affected ranges

Type
GIT
Repo
https://github.com/eclipse-rap/org.eclipse.rap
Events
Database specific
{
    "source": [
        "AFFECTED_FIELD",
        "CPE_RANGE"
    ],
    "cpe": "cpe:2.3:a:eclipse:remote_application_platform:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "3.0.0"
        },
        {
            "last_affected": "3.25.0"
        }
    ]
}

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-4760.json"