wix

NuGet3 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting wixpage 1 of 1

CVE-2024-24810HIGHCVSS 8.2EG 8.2✓ Fixed in 3.14.0
2024-02-07
vulnerable: 3.10.0 ... 3.9.2.1 (27 versions)
WiX toolset lets developers create installers for Windows Installer, the Windows installation engine. The .be TEMP folder is vulnerable to DLL redirection attacks that allow the attacker to escalate privileges. This impacts any installer b…
CVE-2024-29187HIGHCVSS 7.3EG 7.3✓ Fixed in 4.0.5
2024-03-24
vulnerable: 4.0.0 ... 4.0.4 (10 versions)
WiX toolset lets developers create installers for Windows Installer, the Windows installation engine. When a bundle runs as SYSTEM user, Burn uses GetTempPathW which points to an insecure directory C:\Windows\Temp to drop and load multiple…
CVE-2024-29188HIGHCVSS 7.9EG 7.9✓ Fixed in 4.0.5
2024-03-24
vulnerable: 4.0.0 ... 4.0.4 (10 versions)
WiX toolset lets developers create installers for Windows Installer, the Windows installation engine. The custom action behind WiX's `RemoveFolderEx` functionality could allow a standard user to delete protected directories. `RemoveFolderE…

Check whether wix is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for wix CVEs against the assets you own.

Start Free Scan →