Security Alert for the Obsolete Telerik Extensions for ASP.NET MVC

Thread is closed for posting
1 posts, 0 answers
  1. Telerik Admin
    Telerik Admin avatar
    1572 posts
    Member since:
    Oct 2004

    Posted 04 Oct 2018 Link to this post

    A security vulnerability has been identified in the old Telerik Extensions for ASP.NET MVC that have been discontinued since June 2013. It applies to all versions of the product and allows unrestricted file reading that can allow access to files inside server's web directory. This vulnerability has the following CVE identification: CVE-2018-17060.

    This issue is not present in any version of the current Telerik UI for ASP.NET MVC or Telerik UI for ASP.NET Core product suites.

    Our sincere thanks to Arseniy Sharoglazov (Kaspersky Lab) who found and reported this vulnerability.

Back to Top

This Code Library is part of the product documentation and subject to the respective product license agreement.