0.003 Low
EPSS
Percentile
65.2%
pnpm is vulnerable to remote code execution. The vulnerability exists due an untrusted search path existing when running the application in Windows, which allows a malicious attacker to inject and execute pnpm commands.
github.com/pnpm/pnpm/commit/04b7f60861ddee8331e50d70e193d1e701abeefb
github.com/pnpm/pnpm/releases/tag/v6.15.1