IronXL - Security CVE

Please see information below regarding IronXL:

  1. All Iron Software products are DigiCert certified
  2. IronXL does not use Microsoft.Office.Interop
  3. IronXL does not use web services nor send data across the internet
  4. No COM or COM+ interfaces are exposed in the IronXL.dll
  5. The library is written entirely in C# which protects implicitly from many common attack vectors
  6. As few entry points as possible to the API are exposed
  7. Strong naming and sophisticated tamper protection
  8. Regularly scanned with multiple anti-virus/anti-malware scanners, using highest security and heuristic search for potential threats
  9. Every line of code goes though at least two levels of human review by senior engineers to check for security vulnerabilities
  10. IronXL makes no known access to un-managed code, unlike other Excel Libraries which use Office Interop
  11. IronXL makes use of following .NET dependencies - none of which are known to us as a security attack vector - particularly as every object is internalized to our library (static linking) with no public or external access
  12. System.ValueTuple
  13. System.Text.Encoding.CodePages
  14. System.Security.Principal.Windows
  15. System.Security.Permissions
  16. System.Security.Cryptography.ProtectedData
  17. System.Security.AccessControl
  18. System.Runtime.CompilerServices.Unsafe
  19. System.Reflection.TypeExtensions
  20. System.Numerics.Vectors
  21. System.Memory
  22. System.Configuration.ConfigurationManager
  23. System.Buffers
  24. Npoi
  25. Newtonsoft.Json
  26. Microsoft.Extensions.Primitives
  27. Microsoft.Extensions.FileSystemGlobbing
  28. Microsoft.Extensions.FileProviders.Physical
  29. Microsoft.Extensions.FileProviders.Abstractions
  30. Microsoft.Extensions.Configuration.Json
  31. Microsoft.Extensions.Configuration.FileExtensions
  32. Microsoft.Extensions.Configuration.Binder
  33. Microsoft.Extensions.Configuration.Abstractions
  34. Microsoft.Extensions.Configuration
  35. Microsoft.CSharp
  36. ICSharpCode.SharpZipLib
  37. CsvHelper