Lucene search
K

137 matches found

EUVD
EUVD
added 2026/04/08 3:0 p.m.4 views

EUVD-2026-20554

LiquidJS Has Memory Limit Bypass via Quadratic Amplification in replace Filter...

3.7CVSS5.9AI score0.00495EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2026/04/08 3:0 p.m.6 views

LiquidJS Has Memory Limit Bypass via Quadratic Amplification in `replace` Filter

Summary The replace filter in LiquidJS incorrectly accounts for memory usage when the memoryLimit option is enabled. It charges str.length + pattern.length + replacement.length bytes to the memory limiter, but the actual output from str.splitpattern.joinreplacement can be quadratically larger whe...

5.3CVSS6AI score0.00495EPSS
Exploits1References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/08 12:0 a.m.5 views

PT-2026-31354

liquidjs 10.25.0 documents root as constraining filenames passed to renderFile and parseFile, but top-level file loads do not enforce that boundary. The published npm package [email protected] on Linux 6.17.0 with Node v22.22.1. A Liquid instance configured with an empty temporary directory as roo...

8.7CVSS6AI score0.00557EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2026/04/08 12:0 a.m.4 views

PT-2026-31349

Summary LiquidJS enforces partial and layout root restrictions using the resolved pathname string, but it does not resolve the canonical filesystem path before opening the file. A symlink placed inside an allowed partials or layouts directory can therefore point to a file outside that directory a...

8.2CVSS6AI score0.00396EPSS
Exploits1References5
CNNVD
CNNVD
added 2026/04/08 12:0 a.m.7 views

liquidjs 安全漏洞

LiquidJS is a simple, expressive, secure, and compatible JavaScript template engine developed by Jun Yang. Versions of LiquidJS prior to 10.25.3 contained security vulnerabilities; these vulnerabilities stemmed from path-based checks instead of checking actual paths, which could lead to external...

8.2CVSS5.8AI score0.00396EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/04/08 12:0 a.m.10 views

liquidjs 资源管理错误漏洞

LiquidJS is a simple, expressive, secure, and compatible JavaScript template engine developed by Jun Yang. Versions of LiquidJS prior to 10.25.3 had a resource management vulnerability, which stemmed from errors in memory usage calculations by the replace filter. This vulnerability could...

5.3CVSS5.8AI score0.00495EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/04/08 12:0 a.m.9 views

liquidjs 路径遍历漏洞

LiquidJS is a simple, expressive, secure, and compatible JavaScript template engine developed by Jun Yang. Versions of LiquidJS prior to 10.25.3 had a path traversal vulnerability, which stemmed from the lack of enforcement of root directory restrictions, potentially allowing access to arbitrary...

7.5CVSS5.9AI score0.00447EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/03/27 4:59 a.m.3 views

CVE-2026-33285

LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to version 10.25.1, LiquidJS's memoryLimit security mechanism can be completely bypassed by using reverse range expressions e.g., 100000000..1, allowing an attacker to allocate unlimited memory. Combined wit...

7.5CVSS5.8AI score0.00398EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/03/27 4:59 a.m.2 views

CVE-2026-33287

LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to version 10.25.1, the replacefirst filter in LiquidJS uses JavaScript's String.prototype.replace which interprets $& as a back reference to the matched substring. The filter only charges memoryLimit for th...

7.5CVSS5.8AI score0.00471EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:3 p.m.7 views

CVE-2026-30952

liquidjs is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to 10.25.0, the layout, render, and include tags allow arbitrary file access via absolute paths either as string literals or through Liquid variables, the latter require dynamicPartials: true, which is the...

8.7CVSS5.9AI score0.00557EPSS
Exploits1References1
NVD
NVD
added 2026/03/26 1:16 a.m.5 views

CVE-2026-33285

LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to version 10.25.1, LiquidJS's memoryLimit security mechanism can be completely bypassed by using reverse range expressions e.g., 100000000..1, allowing an attacker to allocate unlimited memory. Combined wit...

7.5CVSS0.00398EPSS
Exploits1References2
NVD
NVD
added 2026/03/26 1:16 a.m.5 views

CVE-2026-33287

LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to version 10.25.1, the replacefirst filter in LiquidJS uses JavaScript's String.prototype.replace which interprets $& as a back reference to the matched substring. The filter only charges memoryLimit for th...

7.5CVSS0.00471EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/03/26 12:34 a.m.2 views

CVE-2026-33285 LiquidJS: memoryLimit Bypass through Negative Range Values Leads to Process Crash

LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to version 10.25.1, LiquidJS's memoryLimit security mechanism can be completely bypassed by using reverse range expressions e.g., 100000000..1, allowing an attacker to allocate unlimited memory. Combined wit...

7.5CVSS5.9AI score0.00398EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/03/26 12:34 a.m.30 views

CVE-2026-33285 LiquidJS: memoryLimit Bypass through Negative Range Values Leads to Process Crash

LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to version 10.25.1, LiquidJS's memoryLimit security mechanism can be completely bypassed by using reverse range expressions e.g., 100000000..1, allowing an attacker to allocate unlimited memory. Combined wit...

7.5CVSS0.00398EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/03/26 12:34 a.m.1 views

CVE-2026-33285

LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to version 10.25.1, LiquidJS's memoryLimit security mechanism can be completely bypassed by using reverse range expressions e.g., 100000000..1, allowing an attacker to allocate unlimited memory. Combined wit...

7.5CVSS5.8AI score0.00398EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2026/03/26 12:34 a.m.7 views

CVE-2026-33285 LiquidJS: memoryLimit Bypass through Negative Range Values Leads to Process Crash

LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to version 10.25.1, LiquidJS's memoryLimit security mechanism can be completely bypassed by using reverse range expressions e.g., 100000000..1, allowing an attacker to allocate unlimited memory. Combined wit...

7.5CVSS5.9AI score0.00398EPSS
Exploits1References4
CVE
CVE
added 2026/03/26 12:34 a.m.15 views

CVE-2026-33285

CVE-2026-33285 concerns LiquidJS (template engine for Shopify/GitHub Pages). Vulnerability: memoryLimit protection can be bypassed by reverse range expressions (e.g., (100000000..1)), allowing unbounded memory allocation. When combined with string flattening operations (e.g., replace filter), thi...

7.5CVSS5.8AI score0.00398EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2026/03/26 12:33 a.m.19 views

CVE-2026-33287

LiquidJS has a vulnerability where the replace_first filter uses String.prototype.replace(), causing $& expansions to inflate output without counting against memoryLimit. This can yield exponential memory amplification (up to ~625,000:1) and denial of service. Publicly documented details show the...

7.5CVSS5.8AI score0.00471EPSS
Exploits1References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/26 12:33 a.m.9 views

CVE-2026-33287

LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to version 10.25.1, the replacefirst filter in LiquidJS uses JavaScript's String.prototype.replace which interprets $& as a back reference to the matched substring. The filter only charges memoryLimit for th...

7.5CVSS5.8AI score0.00471EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/26 12:33 a.m.2 views

CVE-2026-33287 LiquidJS has Exponential Memory Amplification through its replace_first Filter $& Pattern

LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to version 10.25.1, the replacefirst filter in LiquidJS uses JavaScript's String.prototype.replace which interprets $& as a back reference to the matched substring. The filter only charges memoryLimit for th...

7.5CVSS5.8AI score0.00471EPSS
Exploits1References2
Rows per page
Query Builder