ExcelMapper icon indicating copy to clipboard operation
ExcelMapper copied to clipboard
verified publisher icon mganss

System.Security.Cryptography.Pkcs dependency has severe vulnerability

Open tdhooten opened this issue 2 years ago • 2 comments

The dependency on System.Security.Cryptography.Pkcs version 6.0.1 has the following CVE-2023-29331:

https://github.com/advisories/GHSA-555c-2p6r-68mm

Please bump the version to at least 7.0.2 as soon as possible.

tdhooten avatar Dec 11 '23 22:12 tdhooten

This is an indirect dependency introduced through NPOI. I have reported to the NPOI team.

mganss avatar Dec 12 '23 13:12 mganss

This has been resolved in https://github.com/nissl-lab/npoi/pull/1183. Will update as soon as NPOI releases a new version.

mganss avatar Dec 13 '23 14:12 mganss