If you have an active license go the the Downloads section, look for version 2020.1.114 or later in the Version dropdown and download the Telerik_UI_for_ASP.NET_AJAX_2020_1_114_Dev_hotfix.zip archive. You can see how to update your project here. For any questions, you can contact us via the support ticketing system.
Due to the .NET JavaScriptSerializer Deserialization (CVE-2019-18935) vulnerability, we strongly recommend upgrading to R1 2020 (version 2020.1.114) or later since the patches provided for CVE-2017-9248, CVE-2017-1135, CVE-2014-2217 and CVE-2017-11317 do not prevent it.
Telerik UI for ASP.NET AJAX R1 2020 (version 2020.1.114) Retail
Download File: https://urluso.com/2vIFjV
Due to the .NET JavaScriptSerializer Deserialization (CVE-2019-18935) vulnerability, we strongly recommend upgrading to R1 2020 (version 2020.1.114) or later since the patches provided for CVE-2017-1135, CVE-2014-2217 and CVE-2017-11317 do not prevent it.
Due to the .NET JavaScriptSerializer Deserialization (CVE-2019-18935) vulnerability, we strongly recommend upgrading to R1 2020 (version 2020.1.114) or later since the patches provided for CVE-2014-2217 and CVE-2017-11317 do not prevent it.
Progress Telerik UI for ASP.NET AJAX through 2019.3.1023 contains a .NET deserialization vulnerability in the RadAsyncUpload function. This is exploitable when the encryption keys are known due to the presence of CVE-2017-11317 or CVE-2017-11357, or other means. Exploitation can result in remote code execution. (As of 2020.1.114, a default setting prevents the exploit. In 2019.3.1023, but not earlier versions, a non-default setting can prevent exploitation.)
2ff7e9595c
Comments