ГлавнаяУязвимости → CVE-2026-33949
8.1высокая

CVE-2026-33949

Описание

Tina is a headless content management system. Prior to version 2.2.2, a path traversal vulnerability in @tinacms/graphql allows unauthenticated users to write and overwrite arbitrary files within the project root. This is achieved by manipulating the relativePath parameter in GraphQL mutations. The impact includes the ability to replace critical server configuration files and potentially execute arbitrary commands by sabotaging build script. This issue has been patched in version 2.2.2.

Затрагиваемое ПО
Ssw Tinacms\/graphql
CVSS
Балл8.1 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Источники
https://github.com/tinacms/tinacms/security/advisories/GHSA-v9p7-gf3q-h779