PT-2024-7991 · Progress · Progress Telerik Reporting

Markus Wulftange · Published 2024-09-10 · Updated 2024-10-15 · CVE-2024-8014

CVSS v2.0: 9.0 High

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924)

Description

Progress Telerik Reporting contains an insecure type resolution vulnerability that allows object injection and can potentially enable a remote attacker to execute arbitrary code. The vulnerability can be exploited by injecting external input that is used to select classes.

Recommendations

For versions prior to 2024 Q3 (18.2.24.924), update to version 2024 Q3 (18.2.24.924) or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable type resolution functionality until a patch is available.

Related Identifiers

BDU:2024-09505
CVE-2024-8014

Affected Products

Progress Telerik Reporting