CVE-2026-34603
- EPSS 0.08%
- Published 01.04.2026 16:08:44
- Last modified 07.04.2026 19:13:12
Tina is a headless content management system. Prior to version 2.2.2, @tinacms/cli recently added lexical path-traversal checks to the dev media routes, but the implementation still validates only the path string and does not resolve symlink or junct...
CVE-2026-28791
- EPSS 0.08%
- Published 12.03.2026 17:16:50
- Last modified 13.03.2026 19:55:35
Tina is a headless content management system. Prior to 2.1.7, a path traversal vulnerability exists in the TinaCMS development server's media upload handler. The code at media.ts joins user-controlled path segments using path.join() without validatin...
CVE-2026-28792
- EPSS 0.28%
- Published 12.03.2026 17:16:50
- Last modified 13.03.2026 19:54:32
Tina is a headless content management system. Prior to 2.1.8, the TinaCMS CLI dev server combines a permissive CORS configuration (Access-Control-Allow-Origin: *) with the path traversal vulnerability (previously reported) to enable a browser-based ...
CVE-2026-28793
- EPSS 0.02%
- Published 12.03.2026 17:16:50
- Last modified 13.03.2026 19:58:55
Tina is a headless content management system. Prior to 2.1.8, the TinaCMS CLI development server exposes media endpoints that are vulnerable to path traversal, allowing attackers to read and write arbitrary files on the filesystem outside the intende...
CVE-2026-29066
- EPSS 3.15%
- Published 12.03.2026 17:16:50
- Last modified 13.03.2026 19:57:18
Tina is a headless content management system. Prior to 2.1.8, the TinaCMS CLI dev server configures Vite with server.fs.strict: false, which disables Vite's built-in filesystem access restriction. This allows any unauthenticated attacker who can reac...
CVE-2025-68278
- EPSS 0.07%
- Published 18.12.2025 15:27:21
- Last modified 10.04.2026 17:34:56
Tina is a headless content management system. In tinacms prior to version 3.1.1, tinacms uses the gray-matter package in an insecure way allowing attackers that can control the content of the processed markdown files, e.g., blog posts, to execute arb...
CVE-2024-45391
- EPSS 0.25%
- Published 03.09.2024 20:15:08
- Last modified 13.03.2026 19:37:28
Tina is an open-source content management system (CMS). Sites building with Tina CMS's command line interface (CLI) prior to version 1.6.2 that use a search token may be vulnerable to the search token being leaked via lock file (tina-lock.json). Admi...
CVE-2023-25164
- EPSS 0.37%
- Published 08.02.2023 20:15:24
- Last modified 13.03.2026 20:11:31
Tinacms is a Git-backed headless content management system with support for visual editing. Sites being built with @tinacms/cli >= 1.0.0 && < 1.0.9 which store sensitive values in the process.env variable are impacted. These values will be added in p...