-
Notifications
You must be signed in to change notification settings - Fork 295
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
kb(dpl-security): address DPL cve-2024-11343 vulnerability
- Loading branch information
Showing
1 changed file
with
52 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,52 @@ | ||
| --- | ||
| title: Address Telerik Document Processing Security Vulnerability | ||
| description: Learn more about a fixed security vulnerability in Telerik Document Processing | ||
| type: troubleshooting | ||
| page_title: How to upgrade Telerik Document Processing to resove a security vulnerability | ||
| slug: dpl-kb-security-vulnerability | ||
| tags: blazor, dpl | ||
| ticketid: | ||
| res_type: kb | ||
| --- | ||
|
|
||
| ## Environment | ||
|
|
||
| <table> | ||
| <tbody> | ||
| <tr> | ||
| <td>Product</td> | ||
| <td>Telerik Document Processing</td> | ||
| </tr> | ||
| <tr> | ||
| <td>Version</td> | ||
| <td>Prior to 2025.1.205</td> | ||
| </tr> | ||
| </tbody> | ||
| </table> | ||
|
|
||
| ## Description | ||
|
|
||
| The [February 2025 release of Telerik Document Processing](https://docs.telerik.com/devtools/document-processing/release-notes/2025/release-notes-2025-1-205) resolves a Path traversal vulnerability: | ||
|
|
||
| * [CVE-2024-11343](https://docs.telerik.com/devtools/document-processing/knowledge-base/kb-security-path-traversal-cve-2024-11343) | ||
|
|
||
| >tip Telerik UI for ASP.NET AJAX uses [Telerik Document Processing](https://docs.telerik.com/devtools/document-processing/introduction) packages and APIs for its Excel export features. **Telerik UI for ASP.NET AJAX is NOT affected by the mentioned resolved vulnerability.** This article exists only as a heads-up to customers who may be using Telerik Document Processing in their Telerik ASP.NET AJAX (Web Forms) applications. | ||
| This article describes potential next steps for developers working specifically with Telerik Document Processing. | ||
|
|
||
| ## Solution | ||
|
|
||
| No action is required if: | ||
|
|
||
| * Your application is not referencing Telerik Document Processing packages explicitly. | ||
| * Your application is not using `Telerik.Zip` APIs directly. | ||
|
|
||
| If your use case scenario is the opposite of the listed items above, then: | ||
|
|
||
| * [Get familiar with the vulnerabilities, their impact, and resolutions](#description). | ||
| * Upgrade Telerik Document Processing to version **2025.1.205** or later. | ||
|
|
||
| ## See Also | ||
|
|
||
| * [Release Notes for Telerik Document Processing version 2025.1.205 (2025 Q1)](https://docs.telerik.com/devtools/document-processing/release-notes/2025/release-notes-2025-1-205) | ||
| * [KB article for CVE-2024-11343](https://docs.telerik.com/devtools/document-processing/knowledge-base/kb-security-path-traversal-cve-2024-11343) |