Description
In Progress® Telerik® Kendo UI for Vue versions v2.4.0 through v6.0.1, an attacker can introduce or modify properties within the global prototype chain, which can result in denial of service or command injection.
CVSS Metrics
- Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L
- Attack Vector: network
- Complexity: high
- Privileges: high
- User Action: none
- Scope: unchanged
- Confidentiality: low
- Integrity: low
- Availability: low
- Weaknesses: CWE-1321
Metadata
- Primary Vendor: PROGRESS
- Published: 2/12/2025
- Last Modified: 6/27/2025
- Source: NIST NVD
- Note: Verify all details with official vendor sources before applying patches.
Affected Products
progress : kendo_ui_for_vue