Description
An issue was discovered in DTF (Deployment Tools Foundation) in FireGiant WiX Toolset before 3.11.2. Microsoft.Deployment.Compression.Cab.dll and Microsoft.Deployment.Compression.Zip.dll allow directory traversal during CAB or ZIP archive extraction, because the full name of an archive entry (including any ../ sequence it contains) is concatenated with the destination path without being validated, so a crafted archive can write files outside the intended extraction directory.
References (4)
Patch, Third Party Advisory (x_refsource_misc): https://github.com/wixtoolset/issues/issues/6075
Third Party Advisory (x_refsource_misc): https://wixtoolset.org/development/wips/6075-dtf-zip-slip/
Patch, Vendor Advisory (x_refsource_misc): https://www.firegiant.com/blog/2019/9/18/wix-v3.11.2-released/
Various Sources (x_refsource_misc): https://github.com/GitHubAssessments/CVE_Assessments_09_2019
Scores
CVSS v3 base score: 5.5
EPSS: 0.0153
EPSS percentile: 71.7%
Attack Vector: LOCAL
CVSS v3.1 vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Details
CWE: CWE-22 (Improper Limitation of a Pathname to a Restricted Directory, "Path Traversal")
Status: published
Products (1): firegiant/wix_toolset, versions < 3.11.2
Published: Sep 19, 2019
Tracked Since: Feb 18, 2026