CVE-2023-25164 (tinacms)

Tinacms is a Git-backed headless content management system with support for visual editing. Sites being built with @tinacms/cli >= 1.0.0 && < 1.0.9 which store sensitive values in the process.env variable are impacted. These values will be added in plaintext to the index.js file. If you're on a version prior to 1.0.0 this vulnerability does not affect you. If you are affected and your Tina-enabled website has sensitive credentials stored as environment variables (eg. Algolia API keys) you should rotate …

1.0.0 algolia algolia api amp api api keys cli credentials cve environment file git headless headless content management system keys management plaintext process store support system variable version visual editing vulnerability website