The Telerik UI component for ASP.NET AJAX (versions 2019.3.917 and older) is deserializing JSON objects in an insecure manner that results in arbitrary remote code execution on the software's underlying host.

It was not confirmed that remote code execution is possible, this alert was issued based on the version of the Telerik UI component.


Upgrade to the latest version: R1 2020 (2020.1.114) and later.


Related Vulnerabilities