Vulnerability In Aspose Slides - Important

Hi team,
We have integrated with Aspose Slides in our Production Systems.
However, our application has identified a vulnerability with the following package in Aspose Slides -
System.Security.Cryptography.X509Certificates.dll:4.700.22.56512

This is the recommended package -
pkg:generic/System.Security.Cryptography.X509Certificates.dll@5.0.20.11201?nexusnamespace=Microsoft%20Corporation%2FMicrosoft%C2%AE%20.NET%20Core&nexustype=pecoff

Cause of vulnerability - cve-details
The vulnerability is caused by X.509 chain building APIs that do not completely validate the X.509 certificate due to a logic flaw.

This is a major blocker for us, it is causing the CLM Scans across all our applications to fail.
Can you please fix this at the earliest, and replace the package ?

Thanks,
Sukriti

@sukritisehgal

Can you please provide more details about the specific issue you are facing with the vulnerability in Aspose Slides and how it is affecting your application?

We use SonaType CLM to scan a project’s dependencies for known vulnerabilities and policy violations. As part of this scan, System.Security.Cryptography.X509Certificates.dll:4.700.22.56512 package is flagged as a vulnerability blocking our development processes.
This package is part of the Aspose Slides library. We have tried adding the recommended package separately and even removing the vulnerable package from Aspose Slides but have run into multiple issues.

This topic has been moved to the related forum: Vulnerability In Aspose Slides - Important - Free Support Forum - aspose.com