CVE-2024-1856

Name of the Vulnerable Software and Affected Versions Progress Telerik Reporting versions prior to 2024 Q1 (18.0.24.130)

Description The issue is related to an insecure deserialization vulnerability in the ObjectReader class of Progress Telerik Reporting, which can be exploited by a remote threat actor to execute arbitrary code using specially crafted data. This vulnerability allows for code execution attacks.

Recommendations For versions prior to 2024 Q1 (18.0.24.130), update to version 2024 Q1 (18.0.24.130) or later to resolve the issue. As a temporary workaround, consider restricting the use of the ObjectReader class to minimize the risk of exploitation. Avoid deserializing untrusted data until the issue is resolved.