This is a migrated thread and some comments may be shown as answers.

Telerik.Web.UI.dll 2009 version

1 Answer 306 Views
AsyncUpload
Chit Way
Top achievements
Rank 1
Chit Way asked on 15 Feb 2021, 05:57 AM
Hi,

Would like to check whether Telerik.Web.UI.dll 2009 version is affected by CVE-2019-18935 or CVE-2017-11317?

Our application is using the Telerik.Web.UI.dll 2009 version; please let us know if there are any vulnerabilities with this version.

Please advise.

1 Answer, 1 is accepted

Vessy
Telerik team
answered on 15 Feb 2021, 12:00 PM

Hi Chit,

Your app will be safe from the known vulnerabilities if you are using a Telerik.Web.UI.dll assembly released before Q1 2010 (version 2010.1.309) or after R3 2019 SP1 (2019.3.1023):

https://docs.telerik.com/devtools/aspnet-ajax/controls/asyncupload/security

For more information on this matter, please refer to the Allows JavaScriptSerializer Deserialization (CVE-2019-18935) article:

https://www.telerik.com/support/kb/aspnet-ajax/details/allows-javascriptserializer-deserialization

Regards,
Vessy
Progress Telerik
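
One way to apply the two boundary releases quoted in the answer above across a web server, as an added example that is not Telerik's code or part of the original thread. The root path `C:\inetpub`, the function name `Get-TelerikRangeStatus` and the status labels are assumptions; the two boundary releases get their own label because the answer words them as "before" and "after", so confirm those against the linked vendor article.

```powershell
# Added example: inventory Telerik.Web.UI.dll copies and compare each file
# version with the two boundary releases quoted in the answer.
param(
    # Assumption: root folder that holds the IIS sites; adjust to your layout.
    [string]$Root = 'C:\inetpub'
)

# Boundary releases exactly as stated in the answer.
$Q1_2010     = [version]'2010.1.309'
$R3_2019_SP1 = [version]'2019.3.1023'

function Get-TelerikRangeStatus {
    param([Parameter(Mandatory)][string]$FileVersion)

    # File versions can carry a fourth part (for example 2013.2.717.40).
    # Compare only the first three parts, otherwise 2019.3.1023.45 would
    # sort as newer than 2019.3.1023 and be mislabelled.
    if ($FileVersion -notmatch '^\s*(\d{4})\.(\d+)\.(\d+)') {
        return 'Unparsed'
    }
    $v = [version]::new([int]$Matches[1], [int]$Matches[2], [int]$Matches[3])

    if ($v -lt $Q1_2010)     { return 'BeforeQ1_2010' }
    if ($v -gt $R3_2019_SP1) { return 'AfterR3_2019_SP1' }
    if ($v -eq $Q1_2010 -or $v -eq $R3_2019_SP1) { return 'BoundaryRelease' }
    return 'BetweenBoundaries'   # the range the answer does not call safe
}

Get-ChildItem -Path $Root -Recurse -Filter 'Telerik.Web.UI.dll' -File `
        -ErrorAction SilentlyContinue |
    ForEach-Object {
        $fv = $_.VersionInfo.FileVersion
        $status = if ($fv) { Get-TelerikRangeStatus $fv } else { 'Unparsed' }
        [pscustomobject]@{
            Path        = $_.FullName
            FileVersion = $fv
            Status      = $status
        }
    } |
    Sort-Object Status, Path |
    Format-Table -AutoSize
```

Copies reported as `BetweenBoundaries` or `BoundaryRelease` are the ones to review against the two articles linked in the answer.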

