2 matches found
Directory Traversal
Overview @pnpm/store.cafs is a content-addressable filesystem for the packages storage Affected versions of this package are vulnerable to Directory Traversal via improper path normalization during tarball extraction on Windows. An attacker can overwrite files outside the intended directory by...
Symlink Attack
Overview @pnpm/store.cafs is a content-addressable filesystem for the packages storage Affected versions of this package are vulnerable to Symlink Attack via the handling file: or git: dependencies, which follow symlinks without restricting access to the package root. An attacker can access and...