
122 matches found

EUVD
added 2026/04/08 3:4 p.m. | views: 1

EUVD-2026-20600

LiquidJS: ownPropertyOnly bypass via sort_natural filter — prototype property information disclosure through sorting side-channel...

CVSS 5.3 | AI score 5.9 | EPSS 0.0002
Exploits: 1 | References: 4

Snyk
added 2026/04/08 3:4 p.m. | views: 4

Improperly Implemented Security Check for Standard

Overview: liquidjs is a simple, expressive, safe and Shopify compatible template engine in pure JavaScript. Affected versions of this package are vulnerable to Improperly Implemented Security Check for Standard via the sort_natural and sort filters, which bypass the ownPropertyOnly security...

CVSS 8.7 | AI score 5.8 | EPSS 0.0002
Exploits: 1 | References: 2

Snyk
added 2026/04/08 3:3 p.m. | views: 2

UNIX Symbolic Link (Symlink) Following

Overview: liquidjs is a simple, expressive, safe and Shopify compatible template engine in pure JavaScript. Affected versions of this package are vulnerable to UNIX Symbolic Link (Symlink) Following through the include, render, and layout directories, when symlinks are placed within a trusted...

CVSS 8.2 | AI score 5.8 | EPSS 0.00074
Exploits: 1 | References: 2

Github Security Blog
added 2026/04/08 3:3 p.m. | views: 3

LiquidJS: Root restriction bypass for partial and layout loading through symlinked templates

Summary: LiquidJS enforces partial and layout root restrictions using the resolved pathname string, but it does not resolve the canonical filesystem path before opening the file. A symlink placed inside an allowed partials or layouts directory can therefore point to a file outside that directory a...

CVSS 8.2 | AI score 6 | EPSS 0.00074
Exploits: 1 | References: 5 | Affected Software: 1

Github Security Blog
added 2026/04/08 3:0 p.m. | views: 2

LiquidJS Has Memory Limit Bypass via Quadratic Amplification in `replace` Filter

Summary: The replace filter in LiquidJS incorrectly accounts for memory usage when the memoryLimit option is enabled. It charges str.length + pattern.length + replacement.length bytes to the memory limiter, but the actual output from str.split(pattern).join(replacement) can be quadratically larger whe...

CVSS 5.3 | AI score 6 | EPSS 0.00023
Exploits: 1 | References: 5 | Affected Software: 1

Snyk
added 2026/04/08 3:0 p.m. | views: 1

Allocation of Resources Without Limits or Throttling

Overview: liquidjs is a simple, expressive, safe and Shopify compatible template engine in pure JavaScript. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the replace filter when the memoryLimit option is enabled. An attacker can...

CVSS 6 | AI score 5.8 | EPSS 0.00023
Exploits: 1 | References: 2

EUVD
added 2026/04/08 3:0 p.m. | views: 1

EUVD-2026-20554

LiquidJS Has Memory Limit Bypass via Quadratic Amplification in replace Filter...

CVSS 3.7 | AI score 5.9 | EPSS 0.00023
Exploits: 1 | References: 3

CNNVD
added 2026/04/08 12:0 a.m. | views: 3

liquidjs security vulnerability

LiquidJS is a simple, expressive, secure, and compatible JavaScript template engine developed by Jun Yang. Versions of LiquidJS prior to 10.25.3 contained security vulnerabilities; these vulnerabilities stemmed from path-based checks instead of checking actual paths, which could lead to external...

CVSS 8.2 | AI score 5.8 | EPSS 0.00074
Exploits: 1 | References: 3

Positive Technologies
added 2026/04/08 12:0 a.m. | views: 3

PT-2026-31354

liquidjs 10.25.0 documents root as constraining filenames passed to renderFile and parseFile, but top-level file loads do not enforce that boundary. The published npm package [email protected] on Linux 6.17.0 with Node v22.22.1. A Liquid instance configured with an empty temporary directory as roo...

CVSS 8.7 | AI score 6 | EPSS 0.00021
Exploits: 1 | References: 6

CNNVD
added 2026/04/08 12:0 a.m. | views: 7

liquidjs resource management error vulnerability

LiquidJS is a simple, expressive, secure, and compatible JavaScript template engine developed by Jun Yang. Versions of LiquidJS prior to 10.25.3 had a resource management vulnerability, which stemmed from errors in memory usage calculations by the replace filter. This vulnerability could...

CVSS 5.3 | AI score 5.8 | EPSS 0.00023
Exploits: 1 | References: 4

Positive Technologies
added 2026/04/08 12:0 a.m. | views: 2

PT-2026-31349

Summary: LiquidJS enforces partial and layout root restrictions using the resolved pathname string, but it does not resolve the canonical filesystem path before opening the file. A symlink placed inside an allowed partials or layouts directory can therefore point to a file outside that directory a...

CVSS 8.2 | AI score 6 | EPSS 0.00074
Exploits: 1 | References: 5

CNNVD
added 2026/04/08 12:0 a.m. | views: 4

liquidjs path traversal vulnerability

LiquidJS is a simple, expressive, secure, and compatible JavaScript template engine developed by Jun Yang. Versions of LiquidJS prior to 10.25.3 had a path traversal vulnerability, which stemmed from the lack of enforcement of root directory restrictions, potentially allowing access to arbitrary...

CVSS 7.5 | AI score 5.9 | EPSS 0.00021
Exploits: 0 | References: 2

RedhatCVE
added 2026/03/27 4:59 a.m. | views: 1

CVE-2026-33285

LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to version 10.25.1, LiquidJS's memoryLimit security mechanism can be completely bypassed by using reverse range expressions e.g., 100000000..1, allowing an attacker to allocate unlimited memory. Combined wit...

CVSS 7.5 | AI score 5.8 | EPSS 0.00122
Exploits: 1 | References: 1

RedhatCVE
added 2026/03/27 4:59 a.m. | views: 1

CVE-2026-33287

LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to version 10.25.1, the replace_first filter in LiquidJS uses JavaScript's String.prototype.replace which interprets $& as a back reference to the matched substring. The filter only charges memoryLimit for th...

CVSS 7.5 | AI score 5.8 | EPSS 0.00039
Exploits: 1 | References: 1

RedhatCVE
added 2026/03/26 3:3 p.m. | views: 4

CVE-2026-30952

liquidjs is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to 10.25.0, the layout, render, and include tags allow arbitrary file access via absolute paths either as string literals or through Liquid variables, the latter require dynamicPartials: true, which is the...

CVSS 8.7 | AI score 5.9 | EPSS 0.00021
Exploits: 1 | References: 1

NVD
added 2026/03/26 1:16 a.m. | views: 2

CVE-2026-33285

LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to version 10.25.1, LiquidJS's memoryLimit security mechanism can be completely bypassed by using reverse range expressions e.g., 100000000..1, allowing an attacker to allocate unlimited memory. Combined wit...

CVSS 7.5 | EPSS 0.00122
Exploits: 1 | References: 2

NVD
added 2026/03/26 1:16 a.m. | views: 2

CVE-2026-33287

LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to version 10.25.1, the replace_first filter in LiquidJS uses JavaScript's String.prototype.replace which interprets $& as a back reference to the matched substring. The filter only charges memoryLimit for th...

CVSS 7.5 | EPSS 0.00039
Exploits: 1 | References: 2

Vulnrichment
added 2026/03/26 12:34 a.m. | views: 1

CVE-2026-33285 LiquidJS: memoryLimit Bypass through Negative Range Values Leads to Process Crash

LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to version 10.25.1, LiquidJS's memoryLimit security mechanism can be completely bypassed by using reverse range expressions e.g., 100000000..1, allowing an attacker to allocate unlimited memory. Combined wit...

CVSS 7.5 | AI score 5.9 | EPSS 0.00122
Exploits: 1 | References: 2

Cvelist
added 2026/03/26 12:34 a.m. | views: 24

CVE-2026-33285 LiquidJS: memoryLimit Bypass through Negative Range Values Leads to Process Crash

LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to version 10.25.1, LiquidJS's memoryLimit security mechanism can be completely bypassed by using reverse range expressions e.g., 100000000..1, allowing an attacker to allocate unlimited memory. Combined wit...

CVSS 7.5 | EPSS 0.00122
Exploits: 1 | References: 2

ATTACKERKB
added 2026/03/26 12:34 a.m. | views: 0

CVE-2026-33285

LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to version 10.25.1, LiquidJS's memoryLimit security mechanism can be completely bypassed by using reverse range expressions e.g., 100000000..1, allowing an attacker to allocate unlimited memory. Combined wit...

CVSS 7.5 | AI score 5.8 | EPSS 0.00122
Exploits: 1 | References: 3 | Affected Software: 1