Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
Telerik Web UI RadAsyncUpload Deserialization - Vulnerability Database

Telerik Web UI RadAsyncUpload Deserialization

Description

The Telerik UI component for ASP.NET AJAX (versions 2019.3.917 and older) is deserializing JSON objects in an insecure manner that results in arbitrary remote code execution on the software's underlying host.

It was not confirmed that remote code execution is possible, this alert was issued based on the version of the Telerik UI component.

Remediation

Upgrade to the latest version: R1 2020 (2020.1.114) and later.

References

Allows JavaScriptSerializer Deserialization
CVE-2019-18935: Remote Code Execution via Insecure Deserialization in Telerik UI
Telerik UI for ASP.NET AJAX Release History
Telerik RadAsyncUpload Security Documentation

Related Vulnerabilities

Apache OFBiz XMLRPC Deserialization RCE (CVE-2020-9496/CVE-2023-49070) High
Common tags: Code Execution Insecure Deserialization
SAP Hybris Deserialization RCE High
Common tags: Code Execution Insecure Deserialization
Flex BlazeDS AMF Deserialization RCE High
Common tags: Code Execution Insecure Deserialization
CakePHP 1.3.5 / 1.2.8 unserialize() vulnerability High
Common tags: Code Execution Insecure Deserialization
AjaxPro.NET Professional Deserialization RCE (CVE-2021-23758) High
Common tags: Code Execution Insecure Deserialization

Severity

High

Classification

CVE-2019-18935
CWE-78
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Code Execution
Insecure Deserialization