CVE-2024-12629

Medium CVSS: 4.1

In Progress® Telerik® KendoReact versions v3.5.0 through v9.4.0, an attacker can introduce or modify properties within the global prototype chain which can result in denial of service or command injection.

Vendor

Progress

Product

Kendoreact

CWE

CWE-1321

Yayın Tarihi

2025-02-12 16:15:39

Güncelleme

2025-06-27 17:24:34

Source Identifier

security@progress.com

KEV Date Added

Kategoriler

CWE-1321 Kendoreact MEDIUM Progress 2025

Referanslar

https://www.telerik.com/kendo-react-ui/components/knowledge-base/kb-security-protoype-pollution-2024-12629

Benzer Kayıtlar

Medium

CVE-2026-2878

In Progress® Telerik® UI for AJAX, versions prior to 2026.1.225, an insufficient entropy vulnerability exists in RadAsyn…

High

CVE-2025-13447

OS Command Injection Remote Code Execution Vulnerability in API in Progress LoadMaster allows an authenticated attacker…

High

CVE-2025-13444

OS Command Injection Remote Code Execution Vulnerability in API in Progress LoadMaster allows an authenticated attacker…

High

CVE-2025-13774

A vulnerability exists in Progress Flowmon ADS versions prior to 12.5.4 and 13.0.1 where an SQL injection vulnerability…

Low

CVE-2025-11235

Unverified Password Change vulnerability in Progress MOVEit Transfer on Windows (REST API modules).This issue affects MO…

Medium

CVE-2025-13147

Server-Side Request Forgery (SSRF) vulnerability in Progress MOVEit Transfer.This issue affects MOVEit Transfer: before…