Platform: dotnet
Component: telerik-document-processing
Fixed in: 2025.1.205
CVE-2024-11343 describes a Path Traversal vulnerability discovered in Progress® Telerik® Document Processing Libraries. This vulnerability allows an attacker to gain arbitrary file system access by crafting a malicious archive file. Versions affected are those prior to 2025 Q1 (2025.1.205). A fix is available in version 2025.1.205.
The core impact of CVE-2024-11343 lies in its ability to enable arbitrary file system access. An attacker could leverage this vulnerability to read sensitive configuration files, source code, or even execute malicious code on the server hosting the application. The blast radius extends to any data accessible by the user account under which the document processing library is running. Successful exploitation could lead to data breaches, system compromise, and potential denial of service. This vulnerability shares similarities with other archive-based path traversal exploits, where specially crafted archive entries can bypass security checks and access unauthorized files.
CVE-2024-11343 was publicly disclosed on 2025-02-12. There is no indication of active exploitation campaigns at this time. The EPSS score is currently pending evaluation. No public proof-of-concept (PoC) code has been released as of the disclosure date, but the nature of the vulnerability suggests that a PoC is likely to emerge.
Applications that utilize the Telerik Document Processing Libraries to process user-supplied archive files are at risk. This includes web applications, desktop applications, and any other software that integrates with the library. Organizations using older, unpatched versions of the library, particularly those with limited patching cycles, are at higher risk.
• .NET / dotnet: Use Sysinternals Process Monitor to observe file access patterns when processing archives. Look for attempts to access files outside of the expected application directory.
# For each running process whose name matches Telerik, pull Application-log events from the
# provider named above (the original snippet piped Get-Process into itself and used a
# non-existent -Filter parameter; Get-WinEvent takes an XPath query via -FilterXPath).
Get-Process | Where-Object { $_.ProcessName -like '*Telerik*' } | ForEach-Object {
    Get-WinEvent -LogName Application -FilterXPath "*[System[Provider[@Name='Microsoft-Windows-Sysinternals-ProcessMonitor']]]"
}
• .NET / dotnet: Examine application logs for errors related to file access or archive processing. Look for exceptions indicating path traversal attempts.
• .NET / dotnet: Review code that handles archive processing for potential vulnerabilities. Ensure proper path sanitization and validation are implemented.
• .NET / dotnet: Windows Defender ATP can be configured to detect suspicious process behavior related to file access. Create a custom detection rule based on the known vulnerable library and file access patterns.
EPSS: 0.30% (53rd percentile)
The primary mitigation for CVE-2024-11343 is to upgrade to version 2025.1.205 or later of the Telerik Document Processing Libraries. If immediate upgrading is not feasible, consider implementing input validation and sanitization on archive files before processing them. Specifically, restrict the types of files allowed and validate their contents to prevent malicious entries. Web Application Firewalls (WAFs) can be configured to block requests containing suspicious archive file extensions or patterns. After upgrading, verify the fix by attempting to unzip a known malicious archive file and confirming that access is denied.
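The validation step described above, as an added example that is not Telerik's code or the vendor's fix: a consuming application resolves each archive entry name against the extraction root and rejects any entry whose canonical path lands outside it, which is the archive path traversal ("zip slip") pattern this CVE describes. System.IO.Compression stands in for whichever zip reader is used, and the class, method names and the two constructed entries are assumptions of this example (targets .NET 6 or later).

```csharp
using System;
using System.IO;
using System.IO.Compression;
using System.Text;

public static class SafeExtract
{
    // Returns the canonical destination path for an entry, or null if the entry would
    // escape destinationRoot via "..", an absolute path, or a drive/UNC prefix.
    public static string ResolveEntryPath(string destinationRoot, string entryName)
    {
        string root = Path.GetFullPath(destinationRoot);
        if (!root.EndsWith(Path.DirectorySeparatorChar.ToString()))
            root += Path.DirectorySeparatorChar;           // prefix check needs a terminated root

        if (Path.IsPathRooted(entryName)) return null;     // reject absolute and rooted names outright

        // Normalize separators, then let GetFullPath collapse any ".." segments.
        string candidate = Path.GetFullPath(
            Path.Combine(root, entryName.Replace('/', Path.DirectorySeparatorChar)));

        var cmp = OperatingSystem.IsWindows() ? StringComparison.OrdinalIgnoreCase : StringComparison.Ordinal;
        return candidate.StartsWith(root, cmp) ? candidate : null;
    }

    // Builds a constructed in-memory archive with one benign and one traversing entry,
    // then reports which entries the check admits. Nothing is written to disk.
    public static void Main()
    {
        var ms = new MemoryStream();
        using (var zip = new ZipArchive(ms, ZipArchiveMode.Create, leaveOpen: true))
        {
            WriteEntry(zip, "docs/report.txt", "benign");
            WriteEntry(zip, "../../escaped.txt", "would land outside the root");
        }
        ms.Position = 0;

        string dest = Path.Combine(Path.GetTempPath(), "extract-root");
        using var archive = new ZipArchive(ms, ZipArchiveMode.Read);
        foreach (var entry in archive.Entries)
        {
            string target = ResolveEntryPath(dest, entry.FullName);
            Console.WriteLine($"{entry.FullName} -> {target ?? "REJECTED (path traversal)"}");
        }
    }

    static void WriteEntry(ZipArchive zip, string name, string body)
    {
        using var s = zip.CreateEntry(name).Open();
        s.Write(Encoding.UTF8.GetBytes(body));
    }
}
```

Only entries for which ResolveEntryPath returns a non-null path should be handed to the extraction routine; the rejected entry is the kind of archive member the detection bullets above tell you to look for in file-access telemetry.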
Update the Telerik Document Processing Libraries to version 2025 Q1 (2025.1.205) or later. This resolves the path traversal vulnerability in archive extraction. Download the latest version from the official Progress Software website or through the NuGet package manager.
CVE-2024-11343 is a Path Traversal vulnerability in Telerik Document Processing Libraries affecting versions prior to 2025.1.205. It allows attackers to read arbitrary files by crafting malicious archive files.
You are affected if you are using Telerik Document Processing Libraries versions 1.0.0–2024.4.1203 and have not upgraded to 2025.1.205 or later. Assess your usage of the library and upgrade accordingly.
Upgrade to version 2025.1.205 or later. If upgrading is not immediately possible, implement stricter input validation on archive files and consider WAF rules.
As of February 12, 2025, there is no indication of active exploitation in the wild, but the vulnerability's nature suggests potential for future exploitation.
Refer to the Progress® website and Telerik security advisories for the official details and updates regarding CVE-2024-11343.