Lucene search
K

5 matches found

ATTACKERKB
ATTACKERKB
added 2026/07/01 8:47 p.m.5 views

CVE-2026-54074

Tina is a headless content management system. @tinacms/cli versions prior to 2.4.3 contain a Remote Code Execution vulnerability in the Forestry-to-Tina migration command. The internal helper addVariablesToCode unquotes any value matching the marker "TINAINTERNAL:::.?:::" inside the stringified...

7.8CVSS6.1AI score0.0017EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/07/01 8:47 p.m.24 views

CVE-2026-54074

CVE-2026-54074 affects @tinacms/cli (pre-2.4.3) used with TinaCMS. A Forestry-to-Tina migration path unquotes values in user-controlled YAML fields via the TINA_INTERNAL marker, allowing injection of arbitrary JavaScript into the generated tina/templates.{ts,js} file. The code executes at module ...

7.8CVSS6.1AI score0.0017EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/01 8:47 p.m.32 views

CVE-2026-54074 @tinacms/cli: Remote Code Execution via Forestry migration — unsanitised __TINA_INTERNAL__ marker in user-controlled YAML labels

Tina is a headless content management system. @tinacms/cli versions prior to 2.4.3 contain a Remote Code Execution vulnerability in the Forestry-to-Tina migration command. The internal helper addVariablesToCode unquotes any value matching the marker "TINAINTERNAL:::.?:::" inside the stringified...

7.8CVSS0.0017EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/06/19 9:15 p.m.7 views

@tinacms/cli: Remote Code Execution in @tinacms/cli via Forestry migration — unsanitised __TINA_INTERNAL__ marker in user-controlled YAML labels

Description Summary @tinacms/cli contains a Remote Code Execution vulnerability in its Forestry-to-Tina migration command. The internal helper addVariablesToCode unquotes any value matching the marker "TINAINTERNAL:::.?:::" inside the stringified collection JSON. User-supplied label and name fiel...

7.8CVSS6.2AI score0.0017EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.10 views

PT-2026-51059

Name of the Vulnerable Software and Affected Versions @tinacms/cli versions prior to 2.4.3 Description @tinacms/cli contains a Remote Code Execution issue in its Forestry-to-Tina migration command. The internal helper function addVariablesToCode unquotes any value matching the marker " TINA...

7.8CVSS6.1AI score0.0017EPSS
Exploits0References8
Rows per page
Query Builder