Lucene search
K

4 matches found

Snyk
Snyk
added 2026/04/01 12:25 a.m.1 views

Symlink Attack

Overview @tinacms/graphql is a GraphQL database generating component for Tina, the headless content management system with support for Markdown, MDX, JSON, YAML, and more. Affected versions of this package are vulnerable to Symlink Attack in the FilesystemBridge get, put, delete, and glob methods...

8.8CVSS5.9AI score0.00372EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/03/30 5:7 p.m.21 views

@tinacms/graphql has Path Traversal that leads to overwrite of arbitrary files

Summary A Path Traversal vulnerability in @tinacms/graphql allows unauthenticated users to write and overwrite arbitrary files within the project root. This is achieved by manipulating the relativePath parameter in GraphQL mutations. The impact includes the ability to replace critical server...

8.1CVSS6.2AI score0.00386EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/30 12:0 a.m.7 views

PT-2026-29157

Name of the Vulnerable Software and Affected Versions Tina versions prior to 2.2.2 Description A path traversal vulnerability exists in @tinacms/graphql, allowing unauthenticated users to write and overwrite arbitrary files within the project root. This is achieved by manipulating the relativePat...

8.1CVSS6.1AI score0.00386EPSS
Exploits0References5
Snyk
Snyk
added 2025/12/18 6:45 p.m.3 views

Arbitrary Code Injection

Overview @tinacms/graphql is a GraphQL database generating component for Tina, the headless content management system with support for Markdown, MDX, JSON, YAML, and more. Affected versions of this package are vulnerable to Arbitrary Code Injection via the improper use of gray-matter package. An...

8.6CVSS8AI score0.00393EPSS
Exploits1References2
Rows per page
Query Builder