CVE-2024-11628: Prototype Pollution in Progress® Telerik® Kendo UI for Vue
First published: Wed Feb 12 2025(Updated: )
In Progress® Telerik® Kendo UI for Vue versions v2.4.0 through v6.0.1, an attacker can introduce or modify properties within the global prototype chain which can result in denial of service or command injection.
Credit: security@progress.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Kendo UI | >=2.4.0<=6.0.1 | |
| Kendo UI | >=2.4.0<6.1.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-11628?
CVE-2024-11628 has a high severity due to its potential for denial of service and command injection.
How do I fix CVE-2024-11628?
To fix CVE-2024-11628, upgrade to Telerik Kendo UI for Vue version 6.0.2 or later.
What versions of Telerik Kendo UI for Vue are affected by CVE-2024-11628?
CVE-2024-11628 affects versions of Telerik Kendo UI for Vue from 2.4.0 to 6.0.1.
What kind of attack can be executed through CVE-2024-11628?
CVE-2024-11628 allows attackers to introduce or modify properties within the global prototype chain.
Is there a risk of data loss with CVE-2024-11628?
Yes, exploitation of CVE-2024-11628 could lead to denial of service, potentially impacting data availability.
- agent/references
- agent/weakness
- agent/title
- agent/type
- agent/description
- agent/first-publish-date
- agent/author
- agent/source
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/event
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/tags
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- vendor/progress
- canonical/kendo ui
- vendor/telerik
- version/kendo ui/2.4.0