Path Traversal Vulnerability (11343)
Description
Product Alert – February 2025 - CVE-2024-11343
- Progress® Telerik® Document Processing Libraries 2024 Q4 (2024.4.1106) or earlier.
Issue
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
What Are the Impacts
In Progress® Telerik® Document Processing, versions prior to 2025 Q1 (2025.1.2xx), improper limitation of a target path can lead to decompressing an archive's content into a restricted directory.
Solution
The Progress Telerik team has addressed the issue and strongly recommends upgrading to the latest version listed in the table below.
| Current Version | Guidance |
|---|---|
| 2024 Q4 (2024.4.1106) or earlier | Update to 2025 Q1 (2025.1.2xx) (update instructions) |
All customers who have a Telerik license can access the downloads at Product Downloads | Your Account. Telerik Document Processing is not a separate product. It is distributed with the primary product you are using. More information is available at What Versions of Document Processing Libraries are Distributed with the Telerik Products.
Notes
- To check your version of Document Processing, look at the Properties of
Telerik.Documents.*.dll(orTelerik.Windows.Document.*.dll) files and inspect the Version value. - If you have any questions or concerns related to this issue, open a new Technical Support case in Your Account | Support Center. Technical Support is available to Telerik customers with an active support plan.
External References
CVE-2024-11343 (HIGH)
CVSS: 8.3
In Progress® Telerik® Document Processing, versions prior to 2025 Q1 (2025.1.2xx), improper limitation of a target path can lead to decompressing an archive's content into a restricted directory.