PT-2024-7989 · Progress · Telerik Reporting

Markus Wulftange

·

Published

2024-08-21

·

Updated

2024-10-15

·

CVE-2024-8048

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Progress Telerik Reporting, all versions prior to 2024 Q3 (18.2.24.924)

Description

Telerik Reporting evaluates expressions insecurely. Input that reaches the expression evaluator can control which class is selected and instantiated during evaluation (object injection), and an attacker who supplies such input can use this to execute arbitrary code. Per the CVSS vector (AV:L, UI:R), exploitation requires that a local user process attacker-supplied input.

Recommendations

Update to Telerik Reporting 2024 Q3 (18.2.24.924) or later. Until the update is applied, restrict the use of expression evaluation to trusted input, and avoid the functions and parameters through which untrusted input can reach the evaluator and influence class selection.
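The weakness class the advisory names, external control over which class an expression evaluator instantiates, is easier to recognise in code than in the CVE wording. The following is an added, constructed C# illustration of that pattern and of the allowlist shape that removes it; it is hypothetical example code, not Telerik's evaluator, and nothing in it reproduces the actual Telerik Reporting code path or exploit. The class, method and dictionary names are assumptions made for the example.

```csharp
using System;
using System.Collections.Generic;

// Constructed illustration of the weakness class named in the advisory:
// an expression evaluator that lets input decide which class gets
// instantiated (unsafe reflection). Hypothetical code; not Telerik's.
public static class ExpressionTypeResolver
{
    // Vulnerable shape: the type name comes straight from the expression, so
    // any type the runtime can load is selectable, not just the handful the
    // expression language was designed to expose.
    public static object ResolveUnsafe(string typeName, params object[] ctorArgs)
    {
        Type t = Type.GetType(typeName, throwOnError: true);
        return Activator.CreateInstance(t, ctorArgs);
    }

    // Hardened shape: expression-visible names map to a closed set of types.
    // Input can pick among these and nothing else.
    private static readonly Dictionary<string, Type> Allowed =
        new Dictionary<string, Type>(StringComparer.Ordinal)
        {
            ["DateTime"] = typeof(DateTime),
            ["Uri"]      = typeof(Uri),
        };

    public static object ResolveSafe(string typeName, params object[] ctorArgs)
    {
        if (!Allowed.TryGetValue(typeName, out Type t))
            throw new ArgumentException($"type not permitted in expressions: {typeName}");
        return Activator.CreateInstance(t, ctorArgs);
    }

    public static void Main()
    {
        // Input the expression language was meant to handle.
        Console.WriteLine(ResolveSafe("Uri", "https://example.test/").GetType().FullName);

        // Input selecting a type the expression language never needed. The
        // unsafe resolver constructs it anyway (any type loadable from the
        // core library is reachable the same way); the hardened one refuses.
        Console.WriteLine(ResolveUnsafe("System.IO.FileInfo", "/tmp/example.txt").GetType().FullName);
        try
        {
            ResolveSafe("System.IO.FileInfo", "/tmp/example.txt");
        }
        catch (ArgumentException e)
        {
            Console.WriteLine(e.Message);
        }
    }
}
```

The point of the example is the fix shape, not the particular type chosen: once the name-to-type step is a closed map, the input can no longer select a class the evaluator was not designed to expose. The advisory's interim advice to restrict expression evaluation corresponds to the other side of the same control, keeping untrusted expressions away from a resolver that behaves like `ResolveUnsafe` until the patched version is deployed.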

Fix

Weakness Enumeration

Related Identifiers

BDU:2024-09503
CVE-2024-8048

Affected Products

Telerik Reporting