Mldangelo

**Name of the Vulnerable Software and Affected Versions** pnpm versions prior to 10.28.2 **Description** pnpm, a package manager, is affected by an issue where installing a `file:` or `git:` dependency allows it to follow symlinks and read their target contents without restricting them to the package root. A malicious package containing a symlink to an absolute path, such as `/etc/passwd` or `~/.ssh/id rsa`, can cause pnpm to copy the contents of that file into `node modules`, potentially leading to local data leakage. The issue specifically impacts developers installing local/file dependencies and CI/CD pipelines installing git dependencies. This can result in credential theft through symlinks pointing to files like `~/.aws/credentials`, `~/.npmrc`, and `~/.ssh/id rsa`. The code in `store/cafs/src/addFilesFromDir.ts` uses `fs.statSync()` and `readFileSync()`, which by default follow symlinks, without verifying that the resolved path remains within the package directory. The vulnerable functions are `fs.statSync()` and `readFileSync()`. **Recommendations** Versions prior to 10.28.2 should be updated to version 10.28.2 or later.

**Name of the Vulnerable Software and Affected Versions** pnpm versions prior to 10.28.2 **Description** pnpm, a package manager, is susceptible to a file permission issue when processing the `directories.bin` field within a package. A malicious npm package can manipulate this field, specifically by using paths like `"directories": {"bin": "../../../../tmp"}` to bypass package directory restrictions. This allows pnpm to execute `chmod 755` on files located in arbitrary directories. The issue is limited to Unix/Linux/macOS systems, as Windows is not affected due to the `fixBin` functionality being gated by `EXECUTABLE SHEBANG SUPPORTED`. The vulnerable code resides in `pkg-manager/package-bins/src/index.ts` lines 15-21, where `path.join()` is used without validating that the resulting path remains within the package root. The `bin` field is protected by `isSubdir()`, but `directories.bin` lacks this check. A proof-of-concept demonstrates how a malicious package can alter the permissions of a sensitive file, changing them from 600 to 755, making it world-readable. This could lead to supply-chain attacks via npm packages. **Recommendations** Update to pnpm version 10.28.2 or later.

**Name of the Vulnerable Software and Affected Versions** pnpm versions prior to 10.28.1 **Description** pnpm, a package manager, contains a flaw in its binary fetcher that permits malicious packages to write files outside the designated extraction directory. This issue arises from two attack vectors: malicious ZIP entries utilizing `../` or absolute paths to bypass the extraction root through AdmZip's `extractAllTo` function, and the lack of validation when concatenating the `BinaryResolution.prefix` field into the extraction path, enabling crafted prefixes like `../../evil` to redirect files. The vulnerability affects users installing packages with binary assets, those configuring custom Node.js binary locations, and CI/CD pipelines automatically installing binary dependencies. Exploitation can result in overwriting configuration files, scripts, and other sensitive data, potentially leading to Remote Code Execution (RCE). **Recommendations** Update pnpm to version 10.28.1 or later.

**Name of the Vulnerable Software and Affected Versions** pnpm versions prior to 10.28.1 **Description** A path traversal flaw exists in pnpm's tarball extraction process on Windows systems. The vulnerability stems from incomplete path normalization, specifically failing to account for `.` in addition to `./` when validating file paths. This allows malicious packages to write files outside of their intended package directory by leveraging backslashes as directory separators, which are recognized by Windows. A proof-of-concept demonstrates the ability to overwrite files such as `.npmrc` and build configurations. This issue specifically impacts Windows pnpm users and Windows CI/CD pipelines, including GitHub Actions Windows runners and Azure DevOps. The vulnerability is located in the path normalization logic within `store/cafs/src/parseTarball.ts` and the platform-dependent behavior in `fs/indexed-pkg-importer/src/importIndexedDir.ts`. **Recommendations** Versions prior to 10.28.1 should be updated to version 10.28.1 or later.

**Name of the Vulnerable Software and Affected Versions** pnpm versions prior to 10.28.1 **Description** pnpm is susceptible to a path traversal issue in its bin linking mechanism. Malicious npm packages can exploit this to create executable shims or symlinks outside of the `node modules/.bin` directory. The vulnerability arises because bin names starting with `@` bypass validation, and path traversal sequences like `../../` are not fully removed during normalization. This allows attackers to potentially overwrite configuration files, scripts, or other sensitive files. The issue affects all pnpm users who install npm packages, as well as CI/CD pipelines utilizing pnpm. The vulnerability exists in the bin name validation and normalization logic within the `pkg-manager/package-bins/src/index.ts` and `pkg-manager/link-bins/src/index.ts` files. Specifically, the filter allows any bin name starting with `@` to pass through without validation. The `normalizeBinName` function does not completely remove path traversal sequences. The normalized name is then used directly in `path.join()` without further validation. A proof-of-concept (PoC) demonstrates the creation of a malicious package with a bin entry like `@scope/../../.npmrc`, which, when installed, results in the creation of the `.npmrc` file in the project root outside of the expected `node modules/.bin` directory. **Recommendations** Update pnpm to version 10.28.1 or later.

**Name of the Vulnerable Software and Affected Versions** Fickling versions prior to 0.1.7 **Description** Fickling is a Python pickling decompiler and static analyzer. Prior to version 0.1.7, the `unsafe imports()` method within Fickling’s static analyzer does not identify several high-risk Python modules that could be used for arbitrary code execution. This allows malicious pickles importing these modules to bypass Fickling’s safety checks. **Recommendations** Update Fickling to version 0.1.7 or later.