{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47324?format=json","vulnerability_id":"VCID-cqv1-nyh9-buh6","summary":"WiX Burn-based bundles are vulnerable to binary hijack when run as SYSTEM\nBurn uses an unprotected C:\\Windows\\Temp directory to copy binaries and run them from there. This directory is not entirely protected against low privilege users.","aliases":[{"alias":"GHSA-g4v6-69p6-q3p4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/69532?format=json","purl":"pkg:nuget/PanelSwWix4.Sdk@5.0.0-psw-wix.0265-49","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/PanelSwWix4.Sdk@5.0.0-psw-wix.0265-49"}],"affected_packages":[],"references":[{"reference_url":"https://github.com/nirbar/wix4","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/nirbar/wix4"},{"reference_url":"https://github.com/nirbar/wix4/commit/0410df93a5f29e4235b4b78b90a1384ffafd062b","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/nirbar/wix4/commit/0410df93a5f29e4235b4b78b90a1384ffafd062b"},{"reference_url":"https://github.com/advisories/GHSA-g4v6-69p6-q3p4","reference_id":"GHSA-g4v6-69p6-q3p4","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-g4v6-69p6-q3p4"},{"reference_url":"https://github.com/nirbar/wix4/security/advisories/GHSA-g4v6-69p6-q3p4","reference_id":"GHSA-g4v6-69p6-q3p4","reference_type":"","scores":[],"url":"https://github.com/nirbar/wix4/security/advisories/GHSA-g4v6-69p6-q3p4"}],"weaknesses":[{"cwe_id":937,"name":"OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013."},{"cwe_id":1035,"name":"OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017."}],"exploits":[],"severity_range_score":null,"exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cqv1-nyh9-buh6"}