Symlink Attack
Overview @pnpm/store.cafs is a content-addressable filesystem for the packages storage Affected versions of this package are vulnerable to Symlink Attack via the handling file: or git: dependencies, which follow symlinks without restricting access to the package root. An attacker can access and...