The WiX Toolset has no use of Node in it at all. That must be a wrapper written by someone else. They apparently need to fix their wrapper to not have a vulnerability in it.
https://github.com/rewiredpictures/node-wixtoolset is a possible candidate for the location of the codebase containing the vulnerability. They are not the WiX Toolset, although it appears that they wrap our toolset using JS as a build-time script engine. Whoever opened this bug here might wish to consider opening it there.
CVE-2016-10663 concerns Wix but I can't see it addressed anywhere in the issues list. Are you aware of it and what's the resolution, if any?
https://nvd.nist.gov/vuln/detail/CVE-2016-10663
The text was updated successfully, but these errors were encountered: