mganss / ExcelMapper

An Excel to object mapper. Maps POCOs to and from Excel. Configuration via convention, attributes, or fluent methods.
MIT License

System.Security.Cryptography.Pkcs dependency has severe vulnerability #288

Open tdhooten opened 9 months ago

tdhooten commented 9 months ago

The dependency on System.Security.Cryptography.Pkcs version 6.0.1 has the following CVE-2023-29331:

https://github.com/advisories/GHSA-555c-2p6r-68mm

Please bump the version to at least 7.0.2 as soon as possible.

mganss commented 9 months ago

This is an indirect dependency introduced through NPOI. I have reported to the NPOI team.

mganss commented 9 months ago

This has been resolved in https://github.com/nissl-lab/npoi/pull/1183. Will update as soon as NPOI releases a new version.
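To confirm in a consuming project which package pulls in the affected `System.Security.Cryptography.Pkcs` version, the restore output in `obj/project.assets.json` can be walked for dependency chains. The script below is an added example, not code from ExcelMapper or NPOI. The embedded sample is constructed: only the 6.0.1 and 7.0.2 versions come from this issue, the other versions are placeholders, and the real chain may contain intermediate packages.

```python
import json

# Constructed, trimmed sample in the shape of obj/project.assets.json.
# Only 6.0.1 comes from the issue; "0.0.0-sample" versions are placeholders,
# and the direct NPOI -> Pkcs edge is a simplification for illustration.
SAMPLE_ASSETS = json.loads("""
{
  "targets": {
    "net6.0": {
      "ExcelMapper/0.0.0-sample": {"type": "package", "dependencies": {"NPOI": "0.0.0-sample"}},
      "NPOI/0.0.0-sample": {"type": "package", "dependencies": {"System.Security.Cryptography.Pkcs": "6.0.1"}},
      "System.Security.Cryptography.Pkcs/6.0.1": {"type": "package"}
    }
  }
}
""")

def parse_version(text):
    """Turn '6.0.1' or '7.0.2-preview' into a comparable tuple of ints."""
    return tuple(int(part) for part in text.split("-")[0].split("."))

def find_paths(assets, framework, package, fixed_version):
    """Return dependency chains ending at `package` when it resolves below `fixed_version`."""
    target = assets["targets"][framework]
    resolved = dict(key.split("/", 1) for key in target)  # name -> resolved version
    if package not in resolved or parse_version(resolved[package]) >= parse_version(fixed_version):
        return []
    deps = {key.split("/", 1)[0]: list(entry.get("dependencies", {})) for key, entry in target.items()}
    depended_on = {child for children in deps.values() for child in children}
    roots = [name for name in deps if name not in depended_on]  # packages nothing else requires
    chains = []

    def walk(name, chain):
        chain = chain + [f"{name}/{resolved.get(name, '?')}"]
        if name == package:
            chains.append(chain)
            return
        for child in deps.get(name, []):
            if child not in [c.split("/")[0] for c in chain]:  # guard against cycles
                walk(child, chain)

    for root in roots:
        walk(root, [])
    return chains

if __name__ == "__main__":
    for chain in find_paths(SAMPLE_ASSETS, "net6.0", "System.Security.Cryptography.Pkcs", "7.0.2"):
        print(" -> ".join(chain))
```

Until the upstream release is available, adding a direct `PackageReference` to `System.Security.Cryptography.Pkcs` 7.0.2 in the consuming project makes NuGet resolve the fixed version instead of the transitive 6.0.1.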