Aspose.Cells NuGet Package has a vulnerability

Aspose.Cells NuGet Package is using System.Security.Cryptography.Pkcs 6.0.1, which is vulnerable to Denial of Service.

Microsoft Security Advisory CVE-2023-29331: .NET Denial of Service vulnerability

Executive summary

Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 7.0 and .NET 6.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.

A vulnerability exists in .NET when processing X.509 certificates that may result in Denial of Service.

Upgrade System.Security.Cryptography.Pkcs from 6.0.1 to 6.0.3 to fix the vulnerability.

Can you please upgrade System.Security.Cryptography.Pkcs from 6.0.1 to 6.0.3 ASAP and share the version details?

@PramodHegde,

Thank you for reporting this issue. We will investigate it soon. If there are no other problems, we will upgrade the referenced lib and include the update in the next official version, 23.7, which will be released next month (maybe the second week of July).

@PramodHegde,

We have already opened the following new ticket(s) in our internal issue tracking system and will deliver their fixes according to the terms mentioned in Free Support Policies.

Issue ID(s): CELLSNET-53597

You can obtain Paid Support Services if you need support on a priority basis, along with the direct access to our Paid Support management team.

@PramodHegde,

We are pleased to inform you that we have fixed the vulnerability (issue id: “CELLSNET-53597”) for System.Security.Cryptography.Pkcs. We have upgraded System.Security.Cryptography.Pkcs version to 6.0.3. We will package the fix for .NET 6.0 and .NET 7.0 frameworks in our upcoming release (Aspose.Cells v23.7) that we plan to release in the second week of July 2023. You will be notified when the supported version is released.

The issues you have found earlier (filed as CELLSNET-53597) have been fixed in this update. This message was posted using Bugs notification tool by johnson.shi
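To confirm which package pulls in the affected System.Security.Cryptography.Pkcs build discussed in this thread, the resolved dependency graph that NuGet writes to `obj/project.assets.json` can be inspected. The following is an added example, not part of the original thread or Aspose code; the sample data, the `0.0.0` Aspose.Cells version and the rule that any 6.0.x below 6.0.3 needs the upgrade are assumptions.

```python
import json

PACKAGE = "System.Security.Cryptography.Pkcs"
FIXED = (6, 0, 3)  # fixed version named in the thread

def parse_version(text):
    """Turn '6.0.1' (or '6.0.1-preview.1') into a comparable tuple of ints."""
    return tuple(int(part) for part in text.split("-", 1)[0].split("."))

def needs_upgrade(version):
    # Assumption: every 6.0.x build below 6.0.3 is affected; the thread names only 6.0.1.
    v = parse_version(version)
    return v[:2] == FIXED[:2] and v < FIXED

def find_vulnerable(assets):
    """Return {target: {"resolved": version, "requested_by": [package ids]}}."""
    findings = {}
    for target, libs in assets.get("targets", {}).items():
        resolved, parents = None, []
        for key, info in libs.items():
            name, _, version = key.partition("/")  # keys look like "Name/Version"
            if name.lower() == PACKAGE.lower():
                resolved = version
            if any(dep.lower() == PACKAGE.lower() for dep in info.get("dependencies", {})):
                parents.append(name)
        if resolved and needs_upgrade(resolved):
            findings[target] = {"resolved": resolved, "requested_by": sorted(parents)}
    return findings

# Constructed sample in the shape of obj/project.assets.json.
# The Aspose.Cells version 0.0.0 is a placeholder, not a real release number.
SAMPLE_ASSETS = json.loads("""
{
  "targets": {
    "net6.0": {
      "Aspose.Cells/0.0.0": {"dependencies": {"System.Security.Cryptography.Pkcs": "6.0.1"}},
      "System.Security.Cryptography.Pkcs/6.0.1": {"dependencies": {"System.Formats.Asn1": "6.0.0"}},
      "System.Formats.Asn1/6.0.0": {}
    },
    "net7.0": {
      "Aspose.Cells/0.0.0": {"dependencies": {"System.Security.Cryptography.Pkcs": "6.0.1"}},
      "System.Security.Cryptography.Pkcs/6.0.3": {"dependencies": {"System.Formats.Asn1": "6.0.0"}}
    }
  }
}
""")

if __name__ == "__main__":
    for target, hit in find_vulnerable(SAMPLE_ASSETS).items():
        print(f"{target}: {PACKAGE} {hit['resolved']} via {', '.join(hit['requested_by'])}")
```

In the sample, the `net7.0` target is not reported because a higher version (6.0.3) was resolved there, which is what a direct `PackageReference` to 6.0.3 in the consuming project produces until the updated Aspose.Cells package is installed.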