3 matches found
@tinacms/app (>=0.0.0-00aadfd-20260223215804 <=2.3.26), @tinacms/cli (>=0.0.0-00aadfd-20260223215804 <=2.1.7) +7 more potentially affected by CVE-2026-29066 via @tinacms/schema-tools (>=2.0.0 <=2.6.0)
@tinacms/schema-tools NPM version =2.0.0, =0.0.0-00aadfd-20260223215804, =0.0.0-00aadfd-20260223215804, =0.0.0-00aadfd-20260223215804, =0.0.0-00aadfd-20260223215804, =2.0.0, =0.0.0-00aadfd-20260223215804, =0.0.0-00aadfd-20260223215804, =0.0.0-00aadfd-20260223215804, =0.0.0-00aadfd-20260223215804,...
Files or Directories Accessible to External Parties
Overview Affected versions of this package are vulnerable to Files or Directories Accessible to External Parties via the dev server configuration when server.fs.strict is set to false. An attacker can access sensitive files on the host system by sending crafted requests to the development server...
@tinacms/app (>=0.0.0-00aadfd-20260223215804 <=2.3.26), @tinacms/cli (>=0.0.0-00aadfd-20260223215804 <=2.1.7) +7 more potentially affected by CVE-2026-28792 via @tinacms/schema-tools (>=2.0.0 <=2.6.0)
@tinacms/schema-tools NPM version =2.0.0, =0.0.0-00aadfd-20260223215804, =0.0.0-00aadfd-20260223215804, =0.0.0-00aadfd-20260223215804, =0.0.0-00aadfd-20260223215804, =2.0.0, =0.0.0-00aadfd-20260223215804, =0.0.0-00aadfd-20260223215804, =0.0.0-00aadfd-20260223215804, =0.0.0-00aadfd-20260223215804,...