PT-2022-17710 · Pnpm · Pnpm

Zkochan · Published 2022-03-21 · Updated 2023-11-09 · CVE-2022-26183

CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

PNPM versions 6.15.1 and below

Description

The issue is related to an untrusted search path in PNPM, which can cause the application to behave in unexpected ways when users execute PNPM commands in a directory containing malicious content. This occurs when the application is run on Windows OS.

Recommendations

For PNPM versions 6.15.1 and below, update to a version above 6.15.1 to resolve the issue. As a temporary workaround, consider avoiding the execution of PNPM commands in directories that may contain malicious content. Restrict access to sensitive directories to minimize the risk of exploitation.

Exploit

Fix

Weakness Enumeration

Untrusted Search Path

Related Identifiers

CVE-2022-26183
GHSA-9M87-6FJ3-C5XH

Affected Products

Pnpm