Arbitrary File Access

Affecting telerikmvcextensions package, versions [0,]

medium severity

Overview

TelerikMvcExtensions is a Telerik Extensions for ASP.NET MVC.

Affected versions of this package are vulnerable to Arbitrary File Access. It does not whitelist requests, which can allow a remote attacker to access files inside the server's web directory.

Remediation

There is no fix version for TelerikMvcExtensions.

References

Do your applications use this vulnerable package?

Credit
Unknown
CVE
CVE-2018-17060
CWE
CWE-284
Snyk ID
SNYK-DOTNET-TELERIKMVCEXTENSIONS-72431
Disclosed
05 Oct, 2018
Published
10 Oct, 2018