@tinacms/graphql@2.2.0

  • latest version

    2.3.1

  • latest non-vulnerable version

  • first published

    4 years ago

  • latest version published

    2 days ago

  • licenses detected

  • Direct Vulnerabilities

    Known vulnerabilities in the @tinacms/graphql package. This does not include vulnerabilities belonging to this package’s dependencies.

    Vulnerability, severity, vulnerable versions:
    • Symlink Attack (severity: H, high)

    @tinacms/graphql is a GraphQL database generating component for Tina, the headless content management system with support for Markdown, MDX, JSON, YAML, and more.

    Affected versions of this package are vulnerable to Symlink Attack in the FilesystemBridge get(), put(), delete(), and glob() methods. An attacker can access, modify, or delete files outside the intended directory by leveraging existing symlinks or junctions within the allowed content root.

    How to fix Symlink Attack?

    Upgrade @tinacms/graphql to version 2.2.2 or higher.

    Vulnerable versions: <2.2.2
    • Symlink Attack (severity: H, high)

    Affected versions of this package are vulnerable to Symlink Attack in the handling of media endpoints when symlinks or junctions exist within the media directory. An attacker can access, list, write, or delete files outside the intended media root by supplying crafted paths that traverse through existing links.

    How to fix Symlink Attack?

    Upgrade @tinacms/graphql to version 2.2.2 or higher.

    Vulnerable versions: <2.2.2
    • Directory Traversal (severity: H, high)

    Affected versions of this package are vulnerable to Directory Traversal due to improper validation of backslashes on non-Windows platforms (Mac/Linux) in the getValidatedPath() function. An attacker can overwrite arbitrary files and potentially execute malicious code by manipulating the relativePath parameter in GraphQL mutations.

    How to fix Directory Traversal?

    Upgrade @tinacms/graphql to version 2.2.2 or higher.

    Vulnerable versions: <2.2.2