Description

The Telerik UI component for ASP.NET AJAX (versions 2019.3.917 and older) deserializes JSON objects in an insecure manner, which results in arbitrary remote code execution on the software's underlying host.

It was not confirmed that remote code execution is possible; this alert was issued based on the version of the Telerik UI component.

Remediation

Upgrade to the latest version, R1 2020 (2020.1.114) or later.
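
Because the alert is raised from the version alone, the deployed assembly can be checked directly. The following is an added example, not part of the original advisory or of any vendor tooling. It walks a web root, reads the file version of each Telerik.Web.UI.dll and compares it with the two version ranges stated above. Assumptions: the assembly is named Telerik.Web.UI.dll, its file version starts with the three-field release number, and locating VS_FIXEDFILEINFO by its signature bytes is a heuristic rather than a full PE parse.

```python
import struct
import sys
from pathlib import Path

# Thresholds taken from the advisory text above.
LAST_AFFECTED = (2019, 3, 917)
FIRST_FIXED = (2020, 1, 114)
FFI_SIGNATURE = struct.pack("<I", 0xFEEF04BD)  # VS_FIXEDFILEINFO.dwSignature


def file_version(data: bytes):
    """Return (major, minor, build, revision) from a version resource, or None."""
    pos = data.find(FFI_SIGNATURE)  # heuristic: first signature match in the file
    if pos < 0 or pos + 16 > len(data):
        return None
    # Fields: dwSignature, dwStrucVersion, dwFileVersionMS, dwFileVersionLS
    _, _, ms, ls = struct.unpack_from("<4I", data, pos)
    return (ms >> 16, ms & 0xFFFF, ls >> 16, ls & 0xFFFF)


def classify(version):
    """Map a version tuple onto the advisory's two stated ranges."""
    if version is None:
        return "unknown"
    release = tuple(version[:3])  # advisory versions have three fields; ignore the fourth
    if release <= LAST_AFFECTED:
        return "affected"
    if release >= FIRST_FIXED:
        return "fixed"
    return "unlisted"  # between the two ranges: the advisory is silent, so upgrade


def scan(root):
    """Yield (path, version, status) for every Telerik.Web.UI.dll below root."""
    for path in Path(root).rglob("*.dll"):
        if path.name.lower() == "telerik.web.ui.dll":
            version = file_version(path.read_bytes())
            yield str(path), version, classify(version)


def sample_dll(major, minor, build, revision):
    """Constructed stand-in for a DLL: padding plus a VS_FIXEDFILEINFO header."""
    return b"MZ" + b"\0" * 62 + struct.pack(
        "<4I", 0xFEEF04BD, 0x00010000, (major << 16) | minor, (build << 16) | revision)


if __name__ == "__main__":
    for path, version, status in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(status, version, path)
```

Run it with the web root as the only argument. Any result other than "fixed" means the upgrade in this section still applies.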
