Homepage

@tinacms/cli@0.0.0-20240925051019 vulnerabilities

The _Tina Cloud CLI_ can be used to set up your project with Tina Cloud configuration, and run a local version of the Tina Cloud content-api (using your file system's content). For a real-world example of how this is being used checkout the [Tina Cloud St

  • latest version

    1.8.0

  • latest non vulnerable version

    1.8.0

  • first published

    3 years ago

  • latest version published

    13 days ago

  • View cli package health on Snyk Advisor  (opens in a new tab)
    • Go back to all versions of this package
    Report a new vulnerability Found a mistake?

    Direct Vulnerabilities

    Known vulnerabilities in the @tinacms/cli package. This does not include vulnerabilities belonging to this package’s dependencies.

    How to fix?

    Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

    Fix for free
    VulnerabilityVulnerable Version
    • H
    Information Exposure

    @tinacms/cli is a The Tina Cloud CLI can be used to set up your project with Tina Cloud configuration, and run a local version of the Tina Cloud content-api (using your file system's content). For a real-world example of how this is being used checkout the [Tina Cloud St

    Affected versions of this package are vulnerable to Information Exposure in the tina-lock.json file. An attacker can access the search token by exploiting the insecure storage of this token in the lock file.

    Note: If Tina-enabled website has search setup, rotating search token is required for the proper fix.

    How to fix Information Exposure?

    Upgrade @tinacms/cli to version 1.6.2 or higher.

    <1.6.2
    Go back to all versions of this package