@TootSweet@lemmy.world because it’s specifically software that is about opening and processing arbitrary payloads.

@thatdosbox@mstdn.ca @screaminggoat@infosec.exchange I encourage you to check out UnigetUI as a frontend for Winget, Microsoft’s not-very-well-known package manager

@thovaiso@urusai.social @screaminggoat@infosec.exchange I’m a big Winget proponent (and chocolatey before that) and have UnigetUI running on all my windows machines for managing Winget, pip, nuget, and PowerShell packages/scripts

@nazokiyoubinbou@urusai.social supply chain attacks are the favorite these days :/

@devans143@phpc.social CVE indicates 24.08 was the patched version

@arichtman@eigenmagic.net nah, this is the one from last month, but since 7z doesn’t self-update I figure I’d do my part in getting people to grab the latest version

@screaminggoat heh yeah, that was supposedly utilizing this CVE which is what led me to it.

I would normally hold off on posting something this old but 7z has no self update mechanism so people tend to run old versions :/

@screaminggoat @arichtman ah interesting. I’ll update the link to point at the actual CVE