@tinacms/cli@1.0.1 vulnerabilities

The _Tina Cloud CLI_ can be used to set up your project with Tina Cloud configuration, and run a local version of the Tina Cloud content-api (using your file system's content). For a real-world example of how this is being used checkout the [Tina Cloud St

latest version

1.6.11
latest non vulnerable version

1.6.11
first published

3 years ago
latest version published

14 days ago
licenses detected
- Apache-2.0
  >=0
View @tinacms/cli package health on Snyk Advisor Open this link in a new tab

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the @tinacms/cli package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
H Information Exposure @tinacms/cli is a The Tina Cloud CLI can be used to set up your project with Tina Cloud configuration, and run a local version of the Tina Cloud content-api (using your file system's content). For a real-world example of how this is being used checkout the [Tina Cloud St Affected versions of this package are vulnerable to Information Exposure in the `tina-lock.json` file. An attacker can access the search token by exploiting the insecure storage of this token in the lock file. Note: If Tina-enabled website has search setup, rotating search token is required for the proper fix. How to fix Information Exposure? Upgrade `@tinacms/cli` to version 1.6.2 or higher.	<1.6.2
H Information Exposure @tinacms/cli is a The Tina Cloud CLI can be used to set up your project with Tina Cloud configuration, and run a local version of the Tina Cloud content-api (using your file system's content). For a real-world example of how this is being used checkout the [Tina Cloud St Affected versions of this package are vulnerable to Information Exposure when storing sensitive values in the process.env variable. These values will be added in plaintext to the index.js file. How to fix Information Exposure? Upgrade `@tinacms/cli` to version 1.0.9 or higher.	>=1.0.0 <1.0.9

Information Exposure

@tinacms/cli is a The Tina Cloud CLI can be used to set up your project with Tina Cloud configuration, and run a local version of the Tina Cloud content-api (using your file system's content). For a real-world example of how this is being used checkout the [Tina Cloud St

Affected versions of this package are vulnerable to Information Exposure in the tina-lock.json file. An attacker can access the search token by exploiting the insecure storage of this token in the lock file.

Note: If Tina-enabled website has search setup, rotating search token is required for the proper fix.

How to fix Information Exposure?

Upgrade @tinacms/cli to version 1.6.2 or higher.

<1.6.2

Information Exposure

Affected versions of this package are vulnerable to Information Exposure when storing sensitive values in the process.env variable. These values will be added in plaintext to the index.js file.

How to fix Information Exposure?

Upgrade @tinacms/cli to version 1.0.9 or higher.

>=1.0.0 <1.0.9

Go back to all versions of this package

@tinacms/cli@1.0.1 vulnerabilities

The _Tina Cloud CLI_ can be used to set up your project with Tina Cloud configuration, and run a local version of the Tina Cloud content-api (using your file system's content). For a real-world example of how this is being used checkout the [Tina Cloud St

latest version

latest non vulnerable version

first published

latest version published

licenses detected

Direct Vulnerabilities