CVE-2019-16511
N/A
N/A
Summary
An issue was discovered in DTF in FireGiant WiX Toolset before 3.11.2. Microsoft.Deployment.Compression.Cab.dll and Microsoft.Deployment.Compression.Zip.dll allow directory traversal during CAB or ZIP archive extraction, because the full name of an archive file (even with a ../ sequence) is concatenated with the destination path.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://github.com/wixtoolset/issues/issues/6075
- https://wixtoolset.org/development/wips/6075-dtf-zip-slip/
- https://www.firegiant.com/blog/2019/9/18/wix-v3.11.2-released/
- https://github.com/GitHubAssessments/CVE_Assessments_09_2019
References
- https://github.com/wixtoolset/issues/issues/6075
- https://wixtoolset.org/development/wips/6075-dtf-zip-slip/
- https://www.firegiant.com/blog/2019/9/18/wix-v3.11.2-released/
- https://github.com/GitHubAssessments/CVE_Assessments_09_2019
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.