Tina is a headless content management system. Prior to 2.1.7, a path traversal vulnerability exists in the TinaCMS development server's media upload handler. The code at media.ts joins user-controlled path segments using path.join() without validating that the resulting path stays within the intended media directory. This allows writing files to arbitrary locations on the filesystem. This vulnerability is fixed in 2.1.7.
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:HSsw Tinacms\/cli
APPSsw< 2.1.7
Related vulnerabilities
TinaCMS CLI: path traversal + CORS umożliwiają atak drive-by na deweloperów
Tina is a headless content management system. Prior to version 2.2.2, @tinacms/cli recently added lexical path...
Tina is a headless content management system. Prior to 2.1.8, the TinaCMS CLI development server exposes media...
Tina is a headless content management system. In tinacms prior to version 3.1.1, tinacms uses the gray-matter ...
Tina is an open-source content management system (CMS). Sites building with Tina CMS's command line interface ...