CVE-2024-8048

In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a code execution attack is possible using object injection via insecure expression evaluation.
Configurations

Configuration 1 (hide)

cpe:2.3:a:progress:telerik_reporting:*:*:*:*:*:*:*:*

History

15 Oct 2024, 14:56

Type Values Removed Values Added
References () https://docs.telerik.com/reporting/knowledge-base/insecure-expression-evaluation-cve-2024-8048 - () https://docs.telerik.com/reporting/knowledge-base/insecure-expression-evaluation-cve-2024-8048 - Vendor Advisory
CPE cpe:2.3:a:progress:telerik_reporting:*:*:*:*:*:*:*:*
First Time Progress
Progress telerik Reporting

10 Oct 2024, 12:51

Type Values Removed Values Added
Summary
  • (es) En las versiones de informes de Telerik anteriores al tercer trimestre de 2024 (18.2.24.924), es posible un ataque de ejecución de código mediante la inyección de objetos a través de la evaluación de expresiones inseguras.

09 Oct 2024, 15:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-10-09 15:15

Updated : 2024-10-15 14:56


NVD link : CVE-2024-8048

Mitre link : CVE-2024-8048

CVE.ORG link : CVE-2024-8048


JSON object : View

Products Affected

progress

  • telerik_reporting
CWE
CWE-470

Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')