GHSA-QRV3-253H-G69C is a high-severity path traversal vulnerability in pnpm (npm), affecting versions < 10.34.4. It is fixed in 10.34.4, 11.8.0.
Summary pnpm accepts package names from the env lockfile configDependencies section and uses those names directly when creating config dependency symlinks under nodemodules/.pnpm-config. A malicious repository can commit a crafted pnpm-lock.yaml whose env-lockfile document contains a traversal-shaped config dependency name such as ../../PWNEDCFGDEP. During pnpm install, pnpm installs the config dependency and creates a symlink at a path derived from that name. In local testing against pnpm v11.5.1, this caused pnpm to create a symlink outside the intended config dependency directory: This works with --ignore-scripts, so it does not rely on lifecycle script execution. Vulnerable behavior The vulnerable behavior appears to be that configDependencies keys from the env lockfile are trusted as package names and used in filesystem paths without rejecting traversal components. The relevant pattern is: If pkgName is attacker-controlled and contains .., then path.join(configModulesDir, pkgName) can resolve outside nodemodules/.pnpm-config. Impact A malicious project can cause pnpm to create symlinks outside the intended nodemodules/.pnpm-config directory during install. This gives an attacker a filesystem write primitive in the victim project directory, and potentially outside it with deeper traversal payloads, depending on path permissions and platform behavior. The issue is especially relevant because: The malicious input is committed in pnpm-lock.yaml. The issue is triggered during pnpm install. It works with --ignore-scripts. It occurs in the config dependency installation path, before ordinary dependency installation. The user only needs to install a malicious or compromised repository. Local proof of concept The following local-only PoC creates a temporary project, starts a local fake registry on 127.0.0.1, writes a malicious env-lockfile entry, runs pnpm, and checks whether pnpm created a symlink outside nodemodules/.pnpm-config. Command used: Observed output: pnpm output: The PoC then detected the escaped symlink: Malicious lockfile structure The malicious input is an env-lockfile configDependencies key containing traversal components: pnpm accepts the traversal-shaped name and reports it as installed: Security boundary violation The intended config dependency root was: But pnpm created: This demonstrates that a config dependency name from the lockfile can escape the directory where config dependencies should be linked. Suggested remediation Validate every configDependencies key loaded from the env lockfile before using it as a package name or path component. Recommended fixes: Reject env-lockfile configDependencies names that are not valid npm package names. Reject names containing absolute paths, . components, .. components, backslashes, or platform-specific path separators. Use containment-checked path joining before creating symlinks: resolve the final destination path, verify it remains inside nodemodules/.pnpm-config, reject if it escapes. Apply the same validation to config dependency subdependencies and optional dependency names read from the env lockfile. Intersect env-lockfile configDependencies with the effective pnpm-workspace.yaml configDependencies before installing, so extra lockfile-only entries are rejected. A safe destination check should enforce behavior equivalent to: Name validation should happen before this check, not instead of it.
Input manipulates file paths to reach files outside the intended directory, such as configuration or credential files. Typical impact: unauthorized file read or write outside the intended directory.
GHSA-QRV3-253H-G69C has a CVSS score of 8.2 (High). The vector is network-reachable, no privileges required, and user interaction required. A CVSS score reflects the worst-case severity of the vulnerability, not your specific exposure. Whether this affects your application depends on whether the vulnerable code is present and reachable in your environment.
A fixed version is available (10.34.4, 11.8.0). Upgrading removes the vulnerable code path.
npm
pnpm (< 10.34.4)pnpm (>= 11.0.0, < 11.8.0)pnpm → 10.34.4 (npm)pnpm → 11.8.0 (npm)Severity tells you how bad this could be in the worst case. It does not tell you whether you are exposed. Exploitability and impact are functions of runtime truth: whether the vulnerable code is present, reachable, and actually executes in your application. A vulnerable package can sit in your dependency tree and never run.
Kodem, an Intelligent Application Security platform, uses runtime intelligence to reveal which vulnerabilities actually execute in production, so teams prioritize the ones that genuinely matter instead of chasing every advisory.
Kodem's runtime-powered SCA identifies whether GHSA-QRV3-253H-G69C is reachable in your applications. Explore open-source security for your team.
See if GHSA-QRV3-253H-G69C is reachable in your applications. Get a demo
Already deployed Kodem? See GHSA-QRV3-253H-G69C in your environment →Upgrade the following packages to resolve this vulnerability:
pnpm to 10.34.4 or laterpnpm to 11.8.0 or laterKodem Kai can prioritize this vulnerability in your dependency tree and generate a fix recommendation.
GHSA-QRV3-253H-G69C is a high-severity path traversal vulnerability in pnpm (npm), affecting versions < 10.34.4. It is fixed in 10.34.4, 11.8.0. Input manipulates file paths to reach files outside the intended directory, such as configuration or credential files.
GHSA-QRV3-253H-G69C has a CVSS score of 8.2 (High). This score reflects the worst-case severity of the vulnerability, not your specific exposure. Whether it represents real risk in your environment depends on whether the vulnerable code is present and reachable.
pnpm (npm) versions < 10.34.4 is affected.
Yes. GHSA-QRV3-253H-G69C is fixed in 10.34.4, 11.8.0. Upgrade to this version or later.
Whether GHSA-QRV3-253H-G69C is exploitable in your environment depends on whether the vulnerable code is present and reachable. A CVSS score is a worst-case rating; it does not account for your specific deployment, configuration, or usage patterns. Kodem, an Intelligent Application Security platform, uses runtime intelligence to show which vulnerabilities actually execute in production, so you can focus on the ones that represent real risk. Get a demo
Exploitability and impact are not fixed properties of a CVE. They depend on runtime truth: whether the vulnerable code is present, reachable, and actually executes in your application. A high CVSS score on a dependency that never runs is not the same as real risk. Kodem, an Intelligent Application Security platform, uses runtime intelligence to reveal which vulnerabilities actually execute in production, so teams prioritize the ones that genuinely matter.
pnpm to 10.34.4 or laterpnpm to 11.8.0 or later