[wix-users] CVE Score for DLL Hijack that 3.11.1 fixes?
John Ludlow
john.ludlow.uk at gmail.com
Thu Feb 1 09:09:20 PST 2018
Hi,
We are currently using WiX 3.11, and are evaluating whether we want to
upgrade to WiX 3.11.1 in our next release (which is in its final stages) or
stay on 3.11 until early in our next release.
Obviously the main talking point is this vulnerability and its fix:
https://github.com/wixtoolset/issues/issues/5184/
One piece of evidence that would help is the CVSS/CVE scores for this
vulnerability. Does this exist in a database such as cve.mitre.org or NVD?
If not then we would still update but it's more likely that we would do
that early next release.
Thanks
John
More information about the wix-users
mailing list