We're sorry AsposeApp doesn't work properply without JavaScript enabled.

Free Support Forum - aspose.app

Nuget dependency vulnerability System.Security.Cryptography.Pkcs version 6.0.1 (CVE-2023-29331)

The following Aspose nuget packages (aspose.cells.21.7.0, aspose.email.22.11.0, aspose.pdf.22.12.0 and aspose.cells.22.12.0.nupkg) are getting flagged for containing a vulnerable nuget dependency for System.Security.Cryptography.Pkcs version 6.0.1. Looks like even the latest versions of above mentioned packages contain the vulnerable version of System.Security.Cryptography.Pkcs.

How do we go about mitigating this issue? Can we expect a patch for the above mentioned packages using a non-vulnerable version of System.Security.Cryptography.Pkcs (this relates to CVE-2023-29331)

This topic has been moved to the related forum: https://forum.aspose.com/t/nuget-dependency-vulnerability-system-security-cryptography-pkcs-version-6-0-1-cve-2023-29331/267146