CVE-2024-11628

Prototype Pollution in Progress® Telerik® Kendo UI for Vue

Description

In Progress® Telerik® Kendo UI for Vue versions v2.4.0 through v6.0.1, an attacker can introduce or modify properties within the global prototype chain which can result in denial of service or command injection.

INFO

Published Date :

2025-02-12T16:17:38.869Z

Last Modified :

2025-02-12T19:06:31.802Z

Source :

ProgressSoftware

AFFECTED PRODUCTS

The following products are affected by CVE-2024-11628 vulnerability.

Vendors	Products
Progress	Kendo Ui For Vue

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-11628.

URL	Resource
https://www.telerik.com/kendo-vue-ui/components/knowledge-base/kb-security-protoype-pollution-2024-11628

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact