Eclipse Remote Application Platform
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Eclipse Remote Application Platform.
By the Year
In 2026 there have been 0 vulnerabilities in Eclipse Remote Application Platform. Remote Application Platform did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 0 | 0.00 |
| 2024 | 0 | 0.00 |
| 2023 | 1 | 9.80 |
It may take a day or so for new Remote Application Platform vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Eclipse Remote Application Platform Security Vulnerabilities
Eclipse RAP 3.0-3.25.0 FileUpload RCE on Windows via unsafe filename extraction
CVE-2023-4760
9.8 - Critical
- September 21, 2023
In Eclipse RAP versions from 3.0.0 up to and including 3.25.0, Remote Code Execution is possible on Windows when using the FileUpload component. The reason for this is a not completely secure extraction of the file name in the FileUploadProcessor.stripFileName(String name) method. As soon as this finds a / in the path, everything before it is removed, but potentially \ (backslashes) coming further back are kept. For example, a file name such as /..\..\webapps\shell.war can be used to upload a file to a Tomcat server under Windows, which is then saved as ..\..\webapps\shell.war in its webapps directory and can then be executed.
Directory traversal
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Eclipse Remote Application Platform or by Eclipse? Click the Watch button to subscribe.
