Lucene search
+L

4 matches found

Github Security Blog
Github Security Blog
added yesterday6 views

Prompty: Arbitrary code execution via JavaScript frontmatter in TypeScript loader

Summary The TypeScript Prompty loader used gray-matter without overriding executable frontmatter engines. gray-matter supports JavaScript frontmatter blocks such as ---js and evaluates them while parsing. An attacker-controlled .prompty file could therefore execute arbitrary JavaScript during...

8.7CVSS5.7AI score0.0093EPSS
Exploits0References4Affected Software1
Snyk
Snyk
added 2025/12/18 6:45 p.m.7 views

Arbitrary Code Injection

Overview tinacms is a headless content management system with support for Markdown, MDX, JSON, YAML, and more. Affected versions of this package are vulnerable to Arbitrary Code Injection via the improper use of gray-matter package. An attacker can execute arbitrary code on the server by submitti...

8.6CVSS8AI score0.00408EPSS
Exploits1References2
NVD
NVD
added 2025/12/18 4:15 p.m.11 views

CVE-2025-68278

Tina is a headless content management system. In tinacms prior to version 3.1.1, tinacms uses the gray-matter package in an insecure way allowing attackers that can control the content of the processed markdown files, e.g., blog posts, to execute arbitrary code. tinacms version 3.1.1, @tinacms/cl...

8.8CVSS0.00408EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2025/12/18 12:0 a.m.11 views

PT-2025-52257

Name of the Vulnerable Software and Affected Versions Tina versions prior to 3.1.1 Description Tina is a headless content management system. Versions of Tina prior to 3.1.1 improperly utilize the gray-matter package, potentially allowing attackers who control the content of markdown files—such as...

8.6CVSS7AI score0.00408EPSS
Exploits1References7
Rows per page
Query Builder