GHSA-wq88-fq4x-h2pm: WiX Burn-based bundles are vulnerable to binary hijack when run as SYSTEM
Burn uses an unprotected C:\Windows\Temp directory to copy binaries and run them from there. This directory is not entirely protected against low privilege users.
References
Detect and mitigate GHSA-wq88-fq4x-h2pm with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →