← Back to vulnerability list
← Back to vulnerability list
CVE-2024-38095
Description
- CVE ID
- CVE-2024-38095
- Package
- System.Formats.Asn1
- CVE severity
- Low
- EPPlus impact
- Low
Affected EPPlus Versions
7.3.0, 7.3.1
Status
fix-available — A fix is available. See advisory for details.
Advisory
Microsoft has released security fixes for System.Formats.Asn1 (transient dependencies in EPPlus). The potential risk for most users should be low.
Security patch for EPPlus released in version 7.3.2
Package Fix Information
This information refers to the upstream package (System.Formats.Asn1), not EPPlus. See the advisory above for EPPlus-specific guidance.
| Target framework | Package version | Fix state | Fixed in version |
|---|---|---|---|
| net6.0 | 8.0.0 | fixed | 8.0.1 |
| net7.0 | 8.0.0 | fixed | 8.0.1 |
| net8.0 | 8.0.0 | fixed | 8.0.1 |
| netstandard2.0 | 8.0.0 | fixed | 8.0.1 |
| netstandard2.1 | 8.0.0 | fixed | 8.0.1 |
Timeline
- First detected
- 2024-09-09
- Last updated
- 2026-04-01