← Back to vulnerability list
← Back to vulnerability list
CVE-2024-38095
Description
- CVE ID
- CVE-2024-38095
- Package
- System.Formats.Asn1
- Package version
- 8.0.0
- Severity
- Low
Affected EPPlus Versions
- 7.3.1
- 7.3.0
Status
fix-available — A fix is available. See advisory for details.
Advisory
Microsoft has released security fixes for System.Formats.Asn1 (transient dependencies in EPPlus). The potential risk for most users should be low.
Security patch for EPPlus released in version 7.3.2
Package Fix Information
This information refers to the upstream package (System.Formats.Asn1), not EPPlus. See the advisory above for EPPlus-specific guidance.
- Fix state
- fixed
- Fixed in version
- 8.0.1
Timeline
- First detected
- 2026-03-26
- Last updated
- 2026-04-01