Tina search token leaked via lock file (tina-lock.json) in TinaCMS. Sites building with @tinacms/cli < 1.6.2 that use a search token are impacted.
If your Tina-enabled website has search setup, you should rotate that key immediately.
This issue has been patched in @tinacms/cli@1.6.2
Upgrading, and rotating search token is required for the proper fix.
https://github.com/tinacms/tinacms/pull/4758
{ "nvd_published_at": "2024-09-03T20:15:08Z", "cwe_ids": [ "CWE-200", "CWE-312" ], "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2024-09-03T19:41:59Z" }