Path Traversal Vulnerability (11343)
Description
Product Alert – February 2025 - CVE-2024-11343
- Progress® Telerik® Document Processing Libraries 2024 Q4 (2024.4.1106) or earlier.
Issue
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
What Are the Impacts
In Progress® Telerik® Document Processing, versions prior to 2025 Q1 (2025.1.2xx), improper limitation of a target path can lead to decompressing an archive's content into a restricted directory.
Solution
We have addressed the issue and the Progress Telerik team strongly recommends performing an upgrade to the latest version listed in the table below.
| Current Version | Guidance |
|---|---|
| 2024 Q4 (2024.4.1106) or earlier | Update to 2025 Q1 (2025.1.2xx) (update instructions) |
All customers who have a Telerik license can access the downloads at Product Downloads | Your Account. Note that Telerik Document Processing is not a separate product; it is distributed with the primary product you are using. More information can be found in What Versions of Document Processing Libraries are Distributed with the Telerik Products.
Notes
- To check your version of Document Processing, look at the Properties of the Telerik.Documents.*.dll (or Telerik.Windows.Document.*.dll) files and inspect the Version value.
- If you have any questions or concerns related to this issue, open a new Technical Support case in Your Account | Support Center. Technical Support is available to Telerik customers with an active support plan.
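The version check from the first note can be scripted across an application or build output folder. The PowerShell below is an added example, not part of the Progress advisory. It assumes the DLL file version follows the year.quarter.build scheme shown in the advisory, and `$Root` is a placeholder for the folder you want to scan.

```powershell
param(
    # Folder to scan; the default (current directory) is a placeholder.
    [string]$Root = '.'
)

# The advisory names 2025 Q1 (2025.1.2xx) as the fixed release. The exact
# build is not given, so anything below 2025.1 is treated as affected.
$firstFixedLine = [version]'2025.1'

# File name patterns from the advisory's Notes; the second is loosened to
# "Document*" so singular and plural assembly names both match.
$patterns = 'Telerik.Documents.*.dll', 'Telerik.Windows.Document*.dll'

Get-ChildItem -Path $Root -Recurse -File -Include $patterns -ErrorAction SilentlyContinue |
    ForEach-Object {
        $vi = $_.VersionInfo
        if ([string]::IsNullOrWhiteSpace($vi.FileVersion)) {
            # No version resource in the file: do not guess, report it.
            $version = $null
            $status  = 'No version resource; inspect manually'
        }
        else {
            # Assumption: the file version uses the year.quarter.build scheme
            # shown in the advisory (for example 2024.4.1106).
            $version = [version]::new($vi.FileMajorPart, $vi.FileMinorPart, $vi.FileBuildPart)
            $status  = if ($version -lt $firstFixedLine) {
                'AFFECTED: update to 2025 Q1'
            }
            else {
                '2025 Q1 or later: confirm build is 2025.1.2xx or newer'
            }
        }
        [pscustomobject]@{
            Status  = $status
            Version = $version
            Path    = $_.FullName
        }
    } |
    Sort-Object Status, Path |
    Format-Table -AutoSize -Wrap
```

Run it against each deployment and build server that ships a Telerik product, since Document Processing is bundled with the primary product and is not installed on its own.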
External References
CVE-2024-11343 (HIGH)
CVSS: 8.3