I am using Telerik UI for Blazor version 5.0.1 in my project, and a Veracode scan has identified a vulnerability in this version (see the attached image for details). Could you please advise on a solution to address this issue and how we can resolve it?
Thank you.
1 Answer, 1 is accepted
Dimo
Telerik team
answered on 18 Sep 2024, 06:40 AM
Hi Jitesh,
System.Data.Common itself has no vulnerabilities, but some of its dependencies have. We have already overridden the versions of the dependency packages (in Telerik UI for Blazor version 4.6.0, which uses Telerik.DataSource 2.1.5), so we are not using vulnerable code in our product.
In other words, the reported vulnerability is a false positive.
As a general rule of thumb, always use the latest Telerik UI for Blazor version to make sure that you are using all fixes and patches.
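One way to check a finding like this against what NuGet actually restored, as an added example that is not part of the original answer and is not Telerik's code: it compares the dependency versions a package declares with the versions resolved in `obj/project.assets.json`. The package names, versions and function names below are constructed placeholders.

```python
import json

# Constructed excerpt in the shape of obj/project.assets.json, the file
# written by `dotnet restore`. Names and versions are placeholders.
SAMPLE_ASSETS = json.loads("""
{
  "targets": {
    "net8.0": {
      "Placeholder.Parent/1.0.0": {
        "type": "package",
        "dependencies": {"Placeholder.Child": "1.0.0", "Placeholder.Other": "2.0.0"}
      },
      "Placeholder.Child/1.0.5": {"type": "package"},
      "Placeholder.Other/2.0.0": {"type": "package"}
    }
  }
}
""")

def resolved_versions(assets, framework):
    """Map lower-cased package id -> version actually restored."""
    resolved = {}
    for key in assets["targets"][framework]:
        name, _, version = key.partition("/")
        resolved[name.lower()] = version
    return resolved

def overridden_dependencies(assets, framework, parent):
    """Return (dependency, declared, resolved) tuples where the restored
    version differs from the one `parent` declares, meaning another
    reference in the graph overrode it. `resolved` is None when the
    dependency is absent from the restored graph.
    Assumes simple minimum versions ("1.0.0"), not range syntax."""
    resolved = resolved_versions(assets, framework)
    findings = []
    for key, entry in assets["targets"][framework].items():
        if key.partition("/")[0].lower() != parent.lower():
            continue
        for dep, declared in entry.get("dependencies", {}).items():
            actual = resolved.get(dep.lower())
            if actual != declared:
                findings.append((dep, declared, actual))
    return findings

if __name__ == "__main__":
    for dep, declared, actual in overridden_dependencies(
            SAMPLE_ASSETS, "net8.0", "Placeholder.Parent"):
        print(f"{dep}: declared {declared}, restored {actual}")
```

To run it against a real project, load `obj/project.assets.json` with `json.load` after `dotnet restore` and pass the target framework and the package named in the scan report.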