← Back to vulnerability list
← Back to vulnerability list
CVE-2024-43485
Description
- CVE ID
- CVE-2024-43485
- Package
- System.Text.Json
- Package version
- 8.0.4
- Severity
- Low
Affected EPPlus Versions
- 7.4.0
- 7.3.2
- 7.3.1
- 7.3.0
Status
fix-available — A fix is available. See advisory for details.
Advisory
Microsoft has released a security fix in System.Text.Json 8.0.5. The potential risk for most EPPlus users should be low.
EPPlus patch released in version 7.4.1
Package Fix Information
This information refers to the upstream package (System.Text.Json), not EPPlus. See the advisory above for EPPlus-specific guidance.
- Fix state
- fixed
- Fixed in version
- 8.0.5
Timeline
- First detected
- 2026-03-26
- Last updated
- 2026-04-02