CNNVD-202512-3436 Information

CNNVD ID

CNNVD-202512-3436

Related CVE

CVE-2025-68278

• CNNVD Published: 2025-12-18

Description (Chinese)

TinaCMS是Tina开源的一个用于 Markdown、MDX 和 JSON 的开源无头 CMS。 TinaCMS 3.1.1之前版本存在代码注入漏洞，该漏洞源于gray-matter包使用不当，可能导致执行任意代码。

Description (English)

TinaCMS is an open CMS for Markdown, MDX and JSON. The previous version of TinaCMS 3.1.1 had a code-infusion loophole, which stemmed from the inappropriate use of the Gray-Matter package and could lead to the implementation of any code.

Hazard Level

High

Vulnerability Type

代码注入

Affected Vendor

Tina

Published

2025-12-18

Last Modified

2026-02-24

References

https://github.com/tinacms/tinacms/commit/fa7c27abef968e3f3a3e7d564f282bc566087569 https://github.com/tinacms/tinacms/security/advisories/GHSA-529f-9qwm-9628

Patch

https://github.com/tinacms/tinacms/releases