An issue was discovered in DTF in FireGiant WiX Toolset before 3.11.2. Microsoft.Deployment.Compression.Cab.dll and Microsoft.Deployment.Compression.Zip.dll allow directory traversal during CAB or ZIP archive extraction, because the full name of an archive file (even with a ../ sequence) is concatenated with the destination path.
References
| Link | Resource |
|---|---|
| https://github.com/GitHubAssessments/CVE_Assessments_09_2019 | |
| https://github.com/wixtoolset/issues/issues/6075 | Patch, Third Party Advisory |
| https://wixtoolset.org/development/wips/6075-dtf-zip-slip/ | Third Party Advisory |
| https://www.firegiant.com/blog/2019/9/18/wix-v3.11.2-released/ | Patch, Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2019-09-19T15:54:04
Updated: 2019-11-04T17:53:06
Reserved: 2019-09-19T00:00:00
Link: CVE-2019-16511
NVD Information
Status: Modified
Published: 2019-09-19T16:15:11.777
Modified: 2019-11-04T18:15:12.280
Link: CVE-2019-16511
Redhat Information
No data.
CWE