kb(dpl-security): address DPL cve-2024-11343 vulnerability

Jekata · Jekata · commit 2eb39983b3d6 · 2025-02-13T15:53:32.000+02:00
diff --git a/knowledge-base/dpl-security-vulnerability.md b/knowledge-base/dpl-security-vulnerability.md
@@ -0,0 +1,52 @@
+---
+title: Address Telerik Document Processing Security Vulnerability
+description: Learn more about a fixed security vulnerability in Telerik Document Processing
+type: troubleshooting
+page_title: How to upgrade Telerik Document Processing to resove a security vulnerability
+slug: dpl-kb-security-vulnerability
+tags: blazor, dpl
+ticketid:
+res_type: kb
+---
+
+## Environment
+
+<table>
+    <tbody>
+        <tr>
+            <td>Product</td>
+            <td>Telerik Document Processing</td>
+        </tr>
+        <tr>
+            <td>Version</td>
+            <td>Prior to 2025.1.205</td>
+        </tr>
+    </tbody>
+</table>
+
+## Description
+
+The [February 2025 release of Telerik Document Processing](https://docs.telerik.com/devtools/document-processing/release-notes/2025/release-notes-2025-1-205) resolves a Path traversal vulnerability:
+
+* [CVE-2024-11343](https://docs.telerik.com/devtools/document-processing/knowledge-base/kb-security-path-traversal-cve-2024-11343)
+
+>tip Telerik UI for ASP.NET AJAX uses [Telerik Document Processing](https://docs.telerik.com/devtools/document-processing/introduction) packages and APIs for its Excel export features. **Telerik UI for ASP.NET AJAX is NOT affected by the mentioned resolved vulnerability.** This article exists only as a heads-up to customers who may be using Telerik Document Processing in their Telerik ASP.NET AJAX (Web Forms) applications.
+
+This article describes potential next steps for developers working specifically with Telerik Document Processing.
+
+## Solution
+
+No action is required if:
+
+* Your application is not referencing Telerik Document Processing packages explicitly.
+* Your application is not using `Telerik.Zip` APIs directly.
+
+If your use case scenario is the opposite of the listed items above, then:
+
+* [Get familiar with the vulnerabilities, their impact, and resolutions](#description).
+* Upgrade Telerik Document Processing to version **2025.1.205** or later.
+
+## See Also
+
+* [Release Notes for Telerik Document Processing version 2025.1.205 (2025 Q1)](https://docs.telerik.com/devtools/document-processing/release-notes/2025/release-notes-2025-1-205)
+* [KB article for CVE-2024-11343](https://docs.telerik.com/devtools/document-processing/knowledge-base/kb-security-path-traversal-cve-2024-11343)
