Tina is a headless content management system. Prior to version 2.2.2, a path traversal vulnerability in @tinacms/graphql allows unauthenticated users to write and overwrite arbitrary files within the project root. This is achieved by manipulating the relativePath parameter in GraphQL mutations. The impact includes the ability to replace critical server configuration files and potentially execute arbitrary commands by sabotaging build script. This issue has been patched in version 2.2.2.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:HSsw Tinacms\/graphql
APPSsw≤ 2.2.1
Related vulnerabilities
Tina is a headless content management system. Prior to version 2.2.2, @tinacms/graphql uses string-based path ...
Tina is a headless content management system. In tinacms prior to version 3.1.1, tinacms uses the gray-matter ...
Tina is a headless content management system. Prior to 2.1.2, TinaCMS allows users to create, update, and dele...
TinaCMS CLI: path traversal + CORS umożliwiają atak drive-by na deweloperów
Tina is a headless content management system. Prior to version 2.2.2, @tinacms/cli recently added lexical path...