An issue was discovered in DTF in FireGiant WiX Toolset before 3.11.2. Microsoft.Deployment.Compression.Cab.dll and Microsoft.Deployment.Compression.Zip.dll allow directory traversal during CAB or ZIP archive extraction, because the full name of an archive file (even with a ../ sequence) is concatenated with the destination path.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2019-09-19T15:54:04
Updated: 2024-08-05T01:17:40.836Z
Reserved: 2019-09-19T00:00:00
Link: CVE-2019-16511
Vulnrichment
No data.
NVD
Status : Modified
Published: 2019-09-19T16:15:11.777
Modified: 2019-11-04T18:15:12.280
Link: CVE-2019-16511
Redhat
No data.