CVE-2024-11628
4.1
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L
Summary
In Progress® Telerik® Kendo UI for Vue versions v2.4.0 through v6.0.1, an attacker can introduce or modify properties within the global prototype chain which can result in denial of service or command injection.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Progress Software | Progress® Telerik® Kendo UI for Vue | 2.4.0 < 6.1.0 | affected |
Weaknesses
- CWE-1321: CWE-1321 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.