Lucene search
K

138 matches found

OSV
OSV
added 2026/03/26 12:33 a.m.4 views

CVE-2026-33287 LiquidJS has Exponential Memory Amplification through its replace_first Filter $& Pattern

LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to version 10.25.1, the replacefirst filter in LiquidJS uses JavaScript's String.prototype.replace which interprets $& as a back reference to the matched substring. The filter only charges memoryLimit for th...

7.5CVSS5.9AI score0.00471EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/03/26 12:33 a.m.9 views

CVE-2026-33287

LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to version 10.25.1, the replacefirst filter in LiquidJS uses JavaScript's String.prototype.replace which interprets $& as a back reference to the matched substring. The filter only charges memoryLimit for th...

7.5CVSS5.8AI score0.00471EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/26 12:33 a.m.2 views

CVE-2026-33287 LiquidJS has Exponential Memory Amplification through its replace_first Filter $& Pattern

LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to version 10.25.1, the replacefirst filter in LiquidJS uses JavaScript's String.prototype.replace which interprets $& as a back reference to the matched substring. The filter only charges memoryLimit for th...

7.5CVSS5.8AI score0.00471EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/03/26 12:0 a.m.8 views

liquidjs 安全漏洞

LiquidJS is a simple, expressive, secure, and compatible JavaScript template engine developed by Jun Yang. Versions of LiquidJS prior to 10.25.1 contained a security vulnerability, which stemmed from the use of the String.prototype.replace method in the replaceFirst filter and improper memory lim...

7.5CVSS5.8AI score0.00471EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/03/26 12:0 a.m.9 views

liquidjs 资源管理错误漏洞

LiquidJS is a simple, expressive, secure, and compatible JavaScript template engine developed by Jun Yang. Versions of LiquidJS prior to 10.25.1 contained a resource management vulnerability. This vulnerability stemmed from the memoryLimit security mechanism being bypassed by reverse range...

7.5CVSS5.8AI score0.00398EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/03/25 5:44 p.m.12 views

LiquidJS has Exponential Memory Amplification through its replace_first Filter $& Pattern

Summary The replacefirst filter in LiquidJS uses JavaScript's String.prototype.replace which interprets $& as a backreference to the matched substring. The filter only charges memoryLimit for the input string length, not the amplified output. An attacker can achieve exponential memory amplificati...

7.5CVSS5.9AI score0.00471EPSS
Exploits1References4Affected Software1
vulnersOsv
vulnersOsv
added 2026/03/25 5:44 p.m.6 views

@11ty/eleventy (=3.0.0-alpha.16), @agiflowai/aicode-toolkit (>=0.6.0 <=1.0.24) +60 more potentially affected by CVE-2026-33287 via liquidjs (>=10.10.0 <=10.24.0)

liquidjs NPM version =10.10.0, =0.6.0, =0.1.0, =0.0.0, =1.0.1-beta.0, =1.6.3, =3.11.0, =3.11.0, =3.11.0, =1.1.0, =15.0.0, =34.0.0 - @fahami/directus-pkce =1.0.0 and more Source cves: CVE-2026-33287 Source advisory: OSV:GHSA-6Q5M-63H6-5X4V...

7.5CVSS5.4AI score0.00471EPSS
Exploits1
EUVD
EUVD
added 2026/03/25 5:44 p.m.7 views

EUVD-2026-16064

LiquidJS has Exponential Memory Amplification through its replacefirst Filter $& Pattern...

7.5CVSS5.8AI score0.00471EPSS
Exploits1References2
OSV
OSV
added 2026/03/25 5:44 p.m.5 views

GHSA-6Q5M-63H6-5X4V LiquidJS has Exponential Memory Amplification through its replace_first Filter $& Pattern

Summary The replacefirst filter in LiquidJS uses JavaScript's String.prototype.replace which interprets $& as a backreference to the matched substring. The filter only charges memoryLimit for the input string length, not the amplified output. An attacker can achieve exponential memory amplificati...

7.5CVSS6AI score0.00471EPSS
Exploits1References4
Snyk
Snyk
added 2026/03/25 5:44 p.m.5 views

Allocation of Resources Without Limits or Throttling

Overview liquidjs is an A simple, expressive, safe and Shopify compatible template engine in pure JavaScript. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the replacefirst function. An attacker can exhaust system memory and disru...

8.7CVSS5.9AI score0.00471EPSS
Exploits1References2
vulnersOsv
vulnersOsv
added 2026/03/25 5:40 p.m.7 views

@11ty/eleventy (=3.0.0-alpha.16), @agiflowai/aicode-toolkit (>=0.6.0 <=1.0.24) +60 more potentially affected by CVE-2026-33285 via liquidjs (>=10.10.0 <=10.24.0)

liquidjs NPM version =10.10.0, =0.6.0, =0.1.0, =0.0.0, =1.0.1-beta.0, =1.6.3, =3.11.0, =3.11.0, =3.11.0, =1.1.0, =15.0.0, =34.0.0 - @fahami/directus-pkce =1.0.0 and more Source cves: CVE-2026-33285 Source advisory: OSV:GHSA-9R5M-9576-7F6X...

7.5CVSS5.4AI score0.00398EPSS
Exploits1
EUVD
EUVD
added 2026/03/25 5:40 p.m.4 views

EUVD-2026-16062

LiquidJS: memoryLimit Bypass through Negative Range Values Leads to Process Crash...

7.5CVSS5.8AI score0.00398EPSS
Exploits1References2
OSV
OSV
added 2026/03/25 5:40 p.m.3 views

GHSA-9R5M-9576-7F6X LiquidJS: memoryLimit Bypass through Negative Range Values Leads to Process Crash

Summary LiquidJS's memoryLimit security mechanism can be completely bypassed by using reverse range expressions e.g., 100000000..1, allowing an attacker to allocate unlimited memory. Combined with a string flattening operation e.g., replace filter, this causes a V8 Fatal error that crashes the...

7.5CVSS6.1AI score0.00398EPSS
Exploits1References4
Snyk
Snyk
added 2026/03/25 5:40 p.m.3 views

Allocation of Resources Without Limits or Throttling

Overview liquidjs is an A simple, expressive, safe and Shopify compatible template engine in pure JavaScript. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through improper validation of range values in the use function. An attacker can...

8.7CVSS5.9AI score0.00398EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/03/25 12:0 a.m.12 views

PT-2026-28162

Name of the Vulnerable Software and Affected Versions LiquidJS versions prior to 10.25.1 Description LiquidJS’s memoryLimit security feature can be bypassed using reverse range expressions e.g., 100000000..1, allowing an attacker to allocate unlimited memory. When combined with a string flattenin...

7.5CVSS5.8AI score0.00398EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/03/25 12:0 a.m.11 views

PT-2026-28163

Name of the Vulnerable Software and Affected Versions LiquidJS versions prior to 10.25.1 Description LiquidJS is susceptible to a denial of service condition due to insufficient memory limit enforcement within the replace first filter. The filter utilizes JavaScript's String.prototype.replace,...

7.5CVSS5.8AI score0.00471EPSS
Exploits1References5
GithubExploit
GithubExploit
added 2026/03/11 9:4 a.m.152 views

Exploit for CVE-2026-30952

CVE-2026-30952: LiquidJS Path Traversal PoC This repository c...

8.7CVSS5.8AI score0.00557EPSS
Exploits1
NVD
NVD
added 2026/03/10 9:16 p.m.5 views

CVE-2026-30952

liquidjs is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to 10.25.0, the layout, render, and include tags allow arbitrary file access via absolute paths either as string literals or through Liquid variables, the latter require dynamicPartials: true, which is the...

8.7CVSS0.00557EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/03/10 8:25 p.m.28 views

CVE-2026-30952 liquidjs has a path traversal fallback vulnerability

liquidjs is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to 10.25.0, the layout, render, and include tags allow arbitrary file access via absolute paths either as string literals or through Liquid variables, the latter require dynamicPartials: true, which is the...

8.7CVSS0.00557EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/03/10 8:25 p.m.5 views

CVE-2026-30952

liquidjs is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to 10.25.0, the layout, render, and include tags allow arbitrary file access via absolute paths either as string literals or through Liquid variables, the latter require dynamicPartials: true, which is the...

8.7CVSS5.9AI score0.00557EPSS
Exploits1References5Affected Software1
Rows per page
Query Builder