pnpm 11.3.x < 11.5.3 Stage Download Path Traversal (CVE-2026-55700)
The version of pnpm installed on the remote host is 11.3.x prior to 11.5.3. It is, therefore, affected by a path traversal vulnerability: - From 11.3.0 until 11.5.3, pnpm stage download derived a local filename from registry-controlled package name and version fields. A crafted manifest could...