Vulnerability in the Current Version of Telerik UI 5.0.1 for Blazor

Jitesh asked on 18 Sep 2024, 06:18 AM

Hi,

I am using Telerik UI for Blazor version 5.0.1 in my project, and a Veracode scan has identified a vulnerability in this version (see the attached image for details). Could you please advise on a solution to address this issue and how we can resolve it?

Thank you.

1 Answer, 1 is accepted

Dimo
Telerik team
answered on 18 Sep 2024, 06:40 AM

Hi Jitesh,

System.Data.Common itself has no vulnerabilities, but some of its dependencies have. We have already overridden the versions of the dependency packages (in Telerik UI for Blazor version 4.6.0, which uses Telerik.DataSource 2.1.5), so we are not using vulnerable code in our product.

In other words, the reported vulnerability is a false positive.

As a general rule of thumb, always use the latest Telerik UI for Blazor version to make sure that you are using all fixes and patches.

A related forum thread on the same topic is https://www.telerik.com/forums/does-telerik-ui-for-blazor-still-have-an-issue-with-cve-2020-1147-remote-code-execution

Regards,
Dimo
Progress Telerik
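
One way to check an override like the one described in the answer is to compare what a package declares against what NuGet actually resolved, using the restore output in obj/project.assets.json. The script below is an added example, not Telerik's code or part of the original thread; the package names, versions and target framework in the sample are constructed placeholders, and the "first fixed" version has to come from the advisory your scanner cites.

```python
import json

# Constructed excerpt in the shape of obj/project.assets.json. Package names
# and versions are placeholders, not the real Telerik dependency graph.
SAMPLE_ASSETS = json.loads("""
{"targets": {"net8.0": {
  "Example.Parent/4.3.0": {"type": "package",
    "dependencies": {"Example.Transitive": "4.3.0", "Example.Other": "4.3.0"}},
  "Example.Transitive/4.3.1": {"type": "package"},
  "Example.Other/4.3.0": {"type": "package"}
}}}
""")

def _ver(text):
    """Numeric tuple for a dotted version. For a range such as "[4.3.0, )"
    the lower bound is used; any prerelease suffix is ignored."""
    low = text.strip("[]() ").split(",")[0].strip()
    return tuple(int(p) for p in low.split("-")[0].split("."))

def resolved_dependencies(assets, target, parent):
    """For each dependency declared by `parent`, report the version that the
    restore resolved, which is the one that ships in the build output."""
    libs = assets["targets"][target]
    # NuGet package ids are case-insensitive, so index them lower-cased.
    resolved = {k.split("/", 1)[0].lower(): k.split("/", 1)[1] for k in libs}
    parent_key = next(k for k in libs
                      if k.split("/", 1)[0].lower() == parent.lower())
    rows = []
    for dep, declared in libs[parent_key].get("dependencies", {}).items():
        actual = resolved.get(dep.lower())
        rows.append({"package": dep, "declared": declared, "resolved": actual,
                     "overridden": actual is not None
                                   and _ver(actual) > _ver(declared)})
    return rows

def still_affected(rows, first_fixed):
    """Packages whose resolved version is below the first patched version.
    `first_fixed` maps package id -> first fixed version (from the advisory)."""
    return [r["package"] for r in rows
            if r["package"] in first_fixed and r["resolved"] is not None
            and _ver(r["resolved"]) < _ver(first_fixed[r["package"]])]

if __name__ == "__main__":
    rows = resolved_dependencies(SAMPLE_ASSETS, "net8.0", "Example.Parent")
    for row in rows:
        print(row)
    print("still affected:", still_affected(rows, {"Example.Transitive": "4.3.1"}))
```

An empty "still affected" list means the resolved versions are at or above the fixed ones, which is the evidence to attach when marking the scanner finding as mitigated.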
