
CVE-2024-11628: Prototype Pollution in Progress® Telerik® Kendo UI for Vue

4.1 CVSS

Description

In Progress® Telerik® Kendo UI for Vue versions v2.4.0 through v6.0.1, an attacker can introduce or modify properties within the global prototype chain, which can result in denial of service or command injection.

Classification

CVE ID: CVE-2024-11628

CVSS Base Severity: MEDIUM

CVSS Base Score: 4.1

CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L

Affected Products

Vendor: Progress Software

Product: Progress® Telerik® Kendo UI for Vue

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.05% (probability of being exploited)

EPSS Percentile: 22.16% (share of scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-03-13 (date this score was calculated)

References

https://www.telerik.com/kendo-vue-ui/components/knowledge-base/kb-security-protoype-pollution-2024-11628

Timeline