CVE-2024-12629 Information

Description

In Progress® Telerik® KendoReact versions v3.5.0 through v9.4.0 an attacker can introduce or modify properties within the global prototype chain which can result in denial of service or command injection.

Reference

https://www.telerik.com/kendo-react-ui/components/knowledge-base/kb-security-protoype-pollution-2024-12629