Progress Telerik Kendo UI for Vue Prototype Pollution Vulnerability Allowing Denial-of-Service or Command Injection

Vulnerability

A prototype pollution vulnerability has been identified in Progress Telerik Kendo UI for Vue, affecting versions from 2.4.0 and prior to 6.0.1. This vulnerability allows an attacker to introduce or modify properties within the global prototype chain, potentially leading to denial-of-service conditions or command injection.

Impact

Exploitation of this vulnerability can cause denial-of-service conditions or allow for command injection.

Remediation

Users are advised to update to Kendo UI for Vue version 6.1.0 or later. The updated packages are available via npm. For more information, see the Kendo UI for Vue installation documentation.
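
One way to find installs that still need this update is to scan a project's package-lock.json. This is an added example, not code from the advisory or from Progress. It assumes the packages are published under the @progress/kendo-vue-* npm scope, that each package follows the suite version number, and that anything from 2.4.0 up to the advised 6.1.0 should be flagged; the lockfile shown is constructed.

```javascript
// Added example: audit a package-lock.json (lockfileVersion 2/3) for
// Kendo UI for Vue packages below the version the advisory recommends.
const AFFECTED_FROM = [2, 4, 0]; // first affected version, from the advisory
const ADVISED = [6, 1, 0];       // advisory: update to 6.1.0 or later
// Assumption: packages live under the @progress/kendo-vue-* npm scope.
const KENDO_VUE = /(?:^|\/)node_modules\/(@progress\/kendo-vue-[^/]+)$/;

function parseVersion(v) {
  // Ignore prerelease/build suffixes; compare major.minor.patch only.
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  return m ? m.slice(1).map(Number) : null;
}

function cmp(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  return 0;
}

function findOutdatedKendoVue(lock) {
  const findings = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const hit = KENDO_VUE.exec(path); // also matches nested node_modules copies
    if (!hit) continue;
    const ver = parseVersion(meta.version);
    if (!ver) {
      // Surface anything we cannot compare instead of silently passing it.
      findings.push({ name: hit[1], path, version: meta.version, status: "unparsed" });
    } else if (cmp(ver, AFFECTED_FROM) >= 0 && cmp(ver, ADVISED) < 0) {
      findings.push({ name: hit[1], path, version: meta.version, status: "update" });
    }
  }
  return findings;
}

// Constructed sample lockfile, not taken from a real project.
const sampleLock = { lockfileVersion: 3, packages: {
  "": { name: "demo-app", version: "1.0.0" },
  "node_modules/@progress/kendo-vue-grid": { version: "5.2.0" },
  "node_modules/@progress/kendo-vue-inputs": { version: "6.1.0" },
  "node_modules/some-lib/node_modules/@progress/kendo-vue-common": { version: "3.0.1" },
  "node_modules/@progress/kendo-vue-buttons": { version: "2.3.9" },
  "node_modules/vue": { version: "3.4.21" },
}};

for (const f of findOutdatedKendoVue(sampleLock))
  console.log(`${f.status}: ${f.name}@${f.version} (${f.path})`);
```

Nested copies pulled in by other dependencies are reported with their full path, since updating only the top-level package leaves them in place.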

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 2.4
impact: 7.5
exploitability: 2.8
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.