CVE-2024-11343— Telerik Document Processing Path Traversal

CVSS 8.3 · High EPSS 0.30% · P53 Updated Feb 13, 2025

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2024-11343

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

Telerik Document Processing Path Traversal

Source: NVD (National Vulnerability Database)

Vulnerability Description

In Progress® Telerik® Document Processing Libraries, versions prior to 2025 Q1 (2025.1.205), unzipping an archive can lead to arbitrary file system access.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L

Source: NVD (National Vulnerability Database)

Vulnerability Type

对路径名的限制不恰当(路径遍历)

Source: NVD (National Vulnerability Database)

Vulnerability Title

Progress Telerik Document Processing Libraries 路径遍历漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Progress Telerik Document Processing Libraries是美国Progress公司的一个文档处理库。 Progress Telerik Document Processing Libraries 2025 Q1版本之前存在路径遍历漏洞，该漏洞源于解压档案操作可能导致任意文件系统访问。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
Progress Software	Telerik Document Processing Libraries	1.0.0 ~ 2025.1.205	-

II. Public POCs for CVE-2024-11343

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2024-11343

请登录查看更多情报信息。

Same Patch Batch · Progress Software · 2025-02-12 · 7 CVEs total

CVE-2025-0556	8.8 HIGH	Telerik Report Server Clear Text Transmission of Agent Commands
CVE-2024-12251	7.8 HIGH	Improper neutralization special element in hyperlinks
CVE-2025-0332	7.8 HIGH	Progress UI for WinForms decompression path traversal vulnerability
CVE-2024-11629	7.1 HIGH	Telerik Document Processing RTF Export of Arbitrary File Path
CVE-2024-12629	4.1 MEDIUM	Prototype Pollution in Progress® Telerik® KendoReact
CVE-2024-11628	4.1 MEDIUM	Prototype Pollution in Progress® Telerik® Kendo UI for Vue

IV. Related Vulnerabilities

Same product: Telerik Document Processing Libraries

CVE-2024-8049
Telerik Document Processing Improper Handling of Memory Reso

Same vendor: Progress Software

Same weakness: CWE-22

V. Comments for CVE-2024-11343

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2024-11343— Telerik Document Processing Path Traversal

I. Basic Information for CVE-2024-11343

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2024-11343

III. Intelligence Information for CVE-2024-11343

Same Patch Batch · Progress Software · 2025-02-12 · 7 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2024-11343

Leave a comment