7 matches found
pnpm < 10.34.0 / 11.x < 11.4.0 Multiple Vulnerabilities
The version of pnpm installed on the remote host is prior to 10.34.0, or 11.x prior to 11.4.0. It is, therefore, affected by multiple vulnerabilities: - pnpm allows a transitive dependency alias from registry package metadata to contain path traversal segments. During install, pnpm later uses tha...
EUVD-2026-39494
pnpm: Transitive dependency alias path traversal allows project path override via symlink replacement...
CVE-2026-50016
pnpm is a package manager. Prior to 10.34.0 and 11.4.0, pnpm allows a transitive dependency alias from registry package metadata to contain path traversal segments. During install, pnpm later uses that alias as a filesystem path when linking dependency nodes. As a result, a registry package can...
CVE-2026-50016
pnpm is a package manager. Prior to 10.34.0 and 11.4.0, pnpm allows a transitive dependency alias from registry package metadata to contain path traversal segments. During install, pnpm later uses that alias as a filesystem path when linking dependency nodes. As a result, a registry package can...
CVE-2026-50016 pnpm: Transitive dependency alias path traversal allows project path override via symlink replacement
pnpm is a package manager. Prior to 10.34.0 and 11.4.0, pnpm allows a transitive dependency alias from registry package metadata to contain path traversal segments. During install, pnpm later uses that alias as a filesystem path when linking dependency nodes. As a result, a registry package can...
CVE-2026-50016
pnpm (the package manager) is affected by CVE-2026-50016. Before versions 10.34.0 and 11.4.0, a transitive dependency alias from registry metadata could include path traversal segments. During install, pnpm may treat that alias as a filesystem path when linking dependency nodes, allowing a regist...
PT-2026-52515
Name of the Vulnerable Software and Affected Versions pnpm versions prior to 10.34.0 pnpm versions prior to 11.4.0 Description pnpm allows a transitive dependency alias within registry package metadata to include path traversal segments. During the installation process, pnpm utilizes this alias a...