Impact
The vulnerability arises when pnpm passes the lockfile‑controlled git resolution.commit value directly to the git fetch command without a separator or validation. A malicious lockfile can replace the expected 40‑character commit hash with a git option such as --upload-pack=<command>. For SSH or local transports, the injected --upload-pack option is executed, allowing the attacker to run arbitrary commands on the host that runs pnpm. This is a form of command injection (CWE-78).
Affected Systems
Pnpm package managers whose versions are older than 10.34.0 or 11.4.0 are vulnerable. Only the pnpm product is affected, as identified by the CNA.
Risk and Exploitability
The CVSS v3.1 score of 6.4 indicates a moderate severity. The EPSS score is less than 1%, meaning the likelihood of exploitation is very low. The vulnerability is not listed in CISA’s KEV catalog. Exploitation requires a crafted lockfile that is processed during a pnpm install operation. If the lockfile references a git repository over SSH or a local path and the attacker supplies an --upload-pack option, the command is executed with the permissions of the pnpm process, potentially allowing arbitrary code execution.
OpenCVE Enrichment
Github GHSA