CNNVD-202601-1139 Information

CNNVD ID

CNNVD-202601-1139

CVE-2025-69264

  • CNNVD Published: 2026-01-07

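Description (translated from Chinese)

pnpm is an open-source package manager from pnpm. pnpm versions 10.0.0 through 10.25 contain a security vulnerability: git-hosted dependencies can execute arbitrary code during installation, which may lead to remote code execution.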

Description (English)

pnpm is an open-source package manager developed by pnpm. Versions 10.0.0 through 10.25 contain a security vulnerability that stems from git-hosted dependencies being able to execute arbitrary code during installation, which may result in remote code execution.

Hazard Level

Medium

Vulnerability Type

Other

Affected Vendor

pnpm

Published

2026-01-07

Last Modified

2026-02-24

References

https://github.com/pnpm/pnpm/commit/73cc63504d9bc360c43e4b2feb9080677f03c5b5

https://github.com/pnpm/pnpm/security/advisories/GHSA-379q-355j-w6rj

https://access.redhat.com/security/cve/cve-2025-69264

Patch

https://github.com/pnpm/pnpm/releases
