Headline
GHSA-4qrm-9h4r-v2fx: Tina search token leak via lock file in TinaCMS
Impact
Tina search token leaked via lock file (tina-lock.json) in TinaCMS. Sites building with @tinacms/cli < 1.6.2 that use a search token are impacted.
If your Tina-enabled website has search setup, you should rotate that key immediately.
Patches
This issue has been patched in @tinacms/[email protected]
Workarounds
Upgrading, and rotating search token is required for the proper fix.
References
https://github.com/tinacms/tinacms/pull/4758
Skip to content
Navigation Menu
Actions
Automate any workflow
Packages
Host and manage packages
Security
Find and fix vulnerabilities
Codespaces
Instant dev environments
GitHub Copilot
Write better code with AI
Code review
Manage code changes
Issues
Plan and track work
Discussions
Collaborate outside of code
Explore
- Learning Pathways
- White papers, Ebooks, Webinars
- Customer Stories
- Partners
GitHub Sponsors
Fund open source developers
* The ReadME Project
GitHub community articles
Enterprise platform
AI-powered developer platform
- Pricing
Provide feedback
Saved searches****Use saved searches to filter your results more quickly
Sign up
- GitHub Advisory Database
- GitHub Reviewed
- CVE-2024-45391
Tina search token leak via lock file in TinaCMS
High severity GitHub Reviewed Published Sep 3, 2024 in tinacms/tinacms • Updated Sep 3, 2024
Package
npm @tinacms/cli (npm)
Affected versions
< 1.6.2
Description
Impact
Tina search token leaked via lock file (tina-lock.json) in TinaCMS. Sites building with @tinacms/cli < 1.6.2 that use a search token are impacted.
If your Tina-enabled website has search setup, you should rotate that key immediately.
Patches
This issue has been patched in @tinacms/[email protected]
Workarounds
Upgrading, and rotating search token is required for the proper fix.
References
tinacms/tinacms#4758
References
- GHSA-4qrm-9h4r-v2fx
- tinacms/tinacms#4758
- tinacms/tinacms@110f1ce
Published to the GitHub Advisory Database
Sep 3, 2024