@tinacms/cli@0.62.3 vulnerabilities

The _Tina Cloud CLI_ can be used to set up your project with Tina Cloud configuration, and run a local version of the Tina Cloud content-api (using your file system's content). For a real-world example of how this is being used checkout the [Tina Cloud St

Direct Vulnerabilities

Known vulnerabilities in the @tinacms/cli package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability: Information Exposure (severity: H)

Affected versions of this package are vulnerable to Information Exposure in the tina-lock.json file. An attacker can access the search token by exploiting the insecure storage of this token in the lock file.

Note: If a Tina-enabled website has search set up, rotating the search token is required for a proper fix.

How to fix Information Exposure?

Upgrade @tinacms/cli to version 1.6.2 or higher.

Vulnerable versions: <1.6.2