Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS04aDdwLXFqdjgtOW1wNM39jw
Improper Access Control in Telerik Extensions
Telerik Extensions for ASP.NET MVC (all versions) does not whitelist requests, which can allow a remote attacker to access files inside the server's web directory. NOTE: this product has been obsolete since June 2013.
Permalink: https://github.com/advisories/GHSA-8h7p-qjv8-9mp4JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS04aDdwLXFqdjgtOW1wNM39jw
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 2 years ago
Updated: over 1 year ago
CVSS Score: 5.3
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Identifiers: GHSA-8h7p-qjv8-9mp4, CVE-2018-17060
References:
- https://nvd.nist.gov/vuln/detail/CVE-2018-17060
- https://www.telerik.com/support/code-library/security-alert-for-the-obsolete-telerik-extensions-for-asp-net-mvc
- https://github.com/advisories/GHSA-8h7p-qjv8-9mp4
Affected Packages
nuget:TelerikMvcExtensions
Dependent packages: 5Dependent repositories: 157
Downloads:
Affected Version Ranges: <= 2013.1.219
No known fixed version
All affected versions: 2010.2.930, 2010.3.1110, 2010.3.1318, 2011.1.315, 2011.2.712, 2011.3.1115, 2012.1.214, 2012.2.607, 2012.3.1018, 2013.1.219