@tinacms/app is vulnerable to Information Disclosure. The vulnerability exists because the viteBuild
function in index.ts
exposes environment variables to index.js
, allowing an attacker to use a read only token to gain access to sensitive information.