Telerik UI For ASP.NET AJAX R3 2019 SP1 (version 2019.3.1023) Retail

Telerik UI For ASP.NET AJAX R3 2019 SP1 (version 2019.3.1023) Retail

Telerik UI For ASP.NET AJAX R3 2019 SP1 (version 2019.3.1023) Retail ->>> https://bytlly.com/2sXpwh

Even when disabling file uploads, we recommend setting the main custom encryption keys, especially for versions prior to R3 2019 SP1. The DisableAsyncUploadHandler behavior is improved in R3 2020 SP1 (2019.3.1023) and we recommend upgrading to 2019.3.1023 or a later release when using it.

Progress Telerik UI for ASP.NET AJAX through 2019.3.1023 contains a .NET deserialization vulnerability in the RadAsyncUpload function. This is exploitable when the encryption keys are known due to the presence of CVE-2017-11317 or CVE-2017-11357, or other means. Exploitation can result in remote code execution. (As of 2020.1.114, a default setting prevents the exploit. In 2019.3.1023, but not earlier versions, a non-default setting can prevent exploitation.)