Does included 7zip have a vunerability?

Hi, My Kaspersky IS scans for vulnerable applications and it is saying the included 7zip in Local is out of date. See below.

https://threats.kaspersky.com/en/vulnerability/KLA11240/?utm_source=KIS_20.0.0&utm_medium=inp&utm_campaign=en

C:\Program Files (x86)\Local\resources\app.asar.unpacked\node_modules\7zip\7zip-lite\7z.exe

Is it an issue and would it be possible to include a more recent version where the vulnerability has been fixed? Thanks.

Hi @localkiwi,

Thanks for the note about this! I scanned the file directly with VirusTotal and Kaspersky did not report an issue with it.

With that said, I’ll see what we can do on our end to update which version of 7zip we include.

@localkiwi,

We’ve taken care of this out-of-date dependency and it will be resolved in an upcoming update of Local (after 5.6.10 as 5.6.10 just went through QA).

Thanks again for the heads-up!

1 Like

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.