Prototype Pollution Vulnerability in Progress Telerik Kendo UI for Vue
CVE-2024-11628

7.2HIGH

Key Information:

Vendor
CVE Published:
12 February 2025

Summary

In certain versions of Telerik Kendo UI for Vue, a vulnerability exists that allows attackers to introduce or modify properties in the global prototype chain. This manipulation can lead to unauthorized access and potentially result in a denial of service or command injection, posing significant risks to applications utilizing affected versions.

Affected Version(s)

Progress® Telerik® Kendo UI for Vue 2.4.0 < 6.1.0

References

CVSS V3.1

Score:
7.2
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Tariq Hawis
.