漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
tinacms vulnerable to arbitrary code execution
Vulnerability Description
Tina is a headless content management system. In tinacms prior to version 3.1.1, tinacms uses the gray-matter package in an insecure way allowing attackers that can control the content of the processed markdown files, e.g., blog posts, to execute arbitrary code. tinacms version 3.1.1, @tinacms/cli version 2.0.4, and @tinacms/graphql version 2.0.3 contain a fix for the issue.
CVSS Information
N/A
Vulnerability Type
对生成代码的控制不恰当(代码注入)
Vulnerability Title
TinaCMS 代码注入漏洞
Vulnerability Description
TinaCMS是Tina开源的一个用于 Markdown、MDX 和 JSON 的开源无头 CMS。 TinaCMS 3.1.1之前版本存在代码注入漏洞,该漏洞源于gray-matter包使用不当,可能导致执行任意代码。
CVSS Information
N/A
Vulnerability Type
N/A