Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
tinacms vulnerable to arbitrary code execution
Vulnerability Description
Tina is a headless content management system. In tinacms prior to version 3.1.1, tinacms uses the gray-matter package in an insecure way allowing attackers that can control the content of the processed markdown files, e.g., blog posts, to execute arbitrary code. tinacms version 3.1.1, @tinacms/cli version 2.0.4, and @tinacms/graphql version 2.0.3 contain a fix for the issue.
CVSS Information
N/A
Vulnerability Type
对生成代码的控制不恰当(代码注入)
Vulnerability Title
TinaCMS 代码注入漏洞
Vulnerability Description
TinaCMS是Tina开源的一个用于 Markdown、MDX 和 JSON 的开源无头 CMS。 TinaCMS 3.1.1之前版本存在代码注入漏洞,该漏洞源于gray-matter包使用不当,可能导致执行任意代码。
CVSS Information
N/A
Vulnerability Type
N/A