Open tdhooten opened 9 months ago
The dependency on System.Security.Cryptography.Pkcs version 6.0.1 has the following CVE-2023-29331:
https://github.com/advisories/GHSA-555c-2p6r-68mm
Please bump the version to at least 7.0.2 as soon as possible.
This is an indirect dependency introduced through NPOI. I have reported to the NPOI team.
This has been resolved in https://github.com/nissl-lab/npoi/pull/1183. Will update as soon as NPOI releases a new version.
The dependency on System.Security.Cryptography.Pkcs version 6.0.1 has the following CVE-2023-29331:
https://github.com/advisories/GHSA-555c-2p6r-68mm
Please bump the version to at least 7.0.2 as soon as possible.