Can you confirm that Telerik UI for Blazor (3.7.0, published Wednesday, November 9, 2022) is not using Microsoft System.Data.Common in such a way that it would expose the following risk to our system? Either way, can you confirm that upgrading to Telerik UI for Blazor V 5 would mitigate this? Thanks.
"CVE-2020-1147 is a remote code execution vulnerability that exists in .NET Framework, Microsoft SharePoint, and Visual Studio. This vulnerability can be exploited when the software fails to check the source markup of XML file input. An attacker who successfully exploits this vulnerability could run arbitrary code in the context of the process responsible for deserialization of the XML content.
In the context of Telerik, it’s important to note that the Telerik UI for ASP.NET AJAX builds before R1 2020 (2020.1.114) are vulnerable to this exploit. This vulnerability was exploited by multiple cyber threat actors, including an advanced persistent threat (APT) actor, in a .NET deserialization vulnerability (CVE-2019-18935) in Progress Telerik UI for ASP.NET AJAX, located in a federal civilian executive branch (FCEB) agency’s Microsoft Internet Information Services (IIS) web server."