VYPR

NuGet package

wix

pkg:nuget/wix

Vulnerabilities (3)

  • CVE-2024-29188HigMar 24, 2024
    affected < 3.14.1fixed 3.14.1

    WiX toolset lets developers create installers for Windows Installer, the Windows installation engine. The custom action behind WiX's `RemoveFolderEx` functionality could allow a standard user to delete protected directories. `RemoveFolderEx` deletes an entire directory tree durin

  • CVE-2024-29187HigMar 24, 2024
    affected < 3.14.1fixed 3.14.1

    WiX toolset lets developers create installers for Windows Installer, the Windows installation engine. When a bundle runs as SYSTEM user, Burn uses GetTempPathW which points to an insecure directory C:\Windows\Temp to drop and load multiple binaries. Standard users can hijack the

  • CVE-2024-24810Feb 7, 2024
    affected >= 4.0.0, < 4.0.4fixed 4.0.4

    WiX toolset lets developers create installers for Windows Installer, the Windows installation engine. The .be TEMP folder is vulnerable to DLL redirection attacks that allow the attacker to escalate privileges. This impacts any installer built with the WiX installer framework. Th