CVE-2019-16511

An issue was discovered in DTF in FireGiant WiX Toolset before 3.11.2. Microsoft.Deployment.Compression.Cab.dll and Microsoft.Deployment.Compression.Zip.dll allow directory traversal during CAB or ZIP archive extraction, because the full name of an archive file (even with a ../ sequence) is concatenated with the destination path.
Configurations

Configuration 1 (hide)

cpe:2.3:a:firegiant:wix_toolset:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2019-09-19 16:15

Updated : 2024-02-28 17:08


NVD link : CVE-2019-16511

Mitre link : CVE-2019-16511

CVE.ORG link : CVE-2019-16511


JSON object : View

Products Affected

firegiant

  • wix_toolset
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')