Prototype Pollution Vulnerability in Progress Telerik Kendo UI for Vue
CVE-2024-11628
7.2HIGH
Key Information:
- Vendor
- Progress Software
- Vendor
- CVE Published:
- 12 February 2025
Summary
In certain versions of Telerik Kendo UI for Vue, a vulnerability exists that allows attackers to introduce or modify properties in the global prototype chain. This manipulation can lead to unauthorized access and potentially result in a denial of service or command injection, posing significant risks to applications utilizing affected versions.
Affected Version(s)
Progress® Telerik® Kendo UI for Vue 2.4.0 < 6.1.0
References
CVSS V3.1
Score:
7.2
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Tariq Hawis