18 matches found
GHSA-VQ2F-VCC9-J8MV Python Liquid: Infinite loop when parsing malformed `{% case %}` tags
Impact Given a malformed % case % tag without associated % when % or % else % block, and no terminating % endcase % tag, Python Liquid hangs in an infinite loop at parse time. This allows malicious template authors to craft templates for a denial of service attack. Patches The issue is fixed in...
CVE-2026-45017
Python Liquid is a Python engine for the Liquid template language. Prior to 2.2.0, the built-in FileSystemLoader and CachingFileSystemLoader do not guard against reading files outside their search paths when given an absolute path to resolve. This allows malicious template authors to load and...
PYSEC-0000-CVE-2026-45017
Python Liquid is a Python engine for the Liquid template language. Prior to 2.2.0, the built-in FileSystemLoader and CachingFileSystemLoader do not guard against reading files outside their search paths when given an absolute path to resolve. This allows malicious template authors to load and...
CVE-2026-45017
Python Liquid is a Python engine for the Liquid template language. Prior to 2.2.0, the built-in FileSystemLoader and CachingFileSystemLoader do not guard against reading files outside their search paths when given an absolute path to resolve. This allows malicious template authors to load and...
blrec (>=1.8.0 <=2.0.0b5), dagster-looker (>=0.26.6 <=0.29.7) +6 more potentially affected by CVE-2026-45017 via python-liquid (>=1.10.2 <=2.0.2)
python-liquid PYPI version =1.10.2, =1.8.0, =0.26.6, =0.8.0, =0.1.1, =0.1.0, =0.1.0, =0.4.0, =0.0.1, =0.3.0 Source cves: CVE-2026-45017 Source advisory: OSV:PYSEC-2026-192...
PYSEC-2026-192
Python Liquid is a Python engine for the Liquid template language. Prior to 2.2.0, the built-in FileSystemLoader and CachingFileSystemLoader do not guard against reading files outside their search paths when given an absolute path to resolve. This allows malicious template authors to load and...
PYSEC-2026-192
Python Liquid is a Python engine for the Liquid template language. Prior to 2.2.0, the built-in FileSystemLoader and CachingFileSystemLoader do not guard against reading files outside their search paths when given an absolute path to resolve. This allows malicious template authors to load and...
CVE-2026-45017 Python Liquid: Absolute paths escape filesystem loader search path
Python Liquid is a Python engine for the Liquid template language. Prior to 2.2.0, the built-in FileSystemLoader and CachingFileSystemLoader do not guard against reading files outside their search paths when given an absolute path to resolve. This allows malicious template authors to load and...
EUVD-2026-32907
Python Liquid is a Python engine for the Liquid template language. Prior to 2.2.0, the built-in FileSystemLoader and CachingFileSystemLoader do not guard against reading files outside their search paths when given an absolute path to resolve. This allows malicious template authors to load and...
CVE-2026-45017
CVE-2026-45017 affects the Python Liquid engine. Before 2.2.0, FileSystemLoader and CachingFileSystemLoader fail to guard against reading files outside the search path when given absolute paths, enabling a malicious template author to load and render arbitrary files via {% include %} and {% rende...
CVE-2026-45017
Python Liquid is a Python engine for the Liquid template language. Prior to 2.2.0, the built-in FileSystemLoader and CachingFileSystemLoader do not guard against reading files outside their search paths when given an absolute path to resolve. This allows malicious template authors to load and...
CVE-2026-45017 Python Liquid: Absolute paths escape filesystem loader search path
Python Liquid is a Python engine for the Liquid template language. Prior to 2.2.0, the built-in FileSystemLoader and CachingFileSystemLoader do not guard against reading files outside their search paths when given an absolute path to resolve. This allows malicious template authors to load and...
Python Liquid θ·―εΎιεζΌζ΄
Python Liquid is a Python engine developed by James for processing Liquid templates. Versions of Python Liquid prior to 2.2.0 had a path traversal vulnerability. This vulnerability stemmed from the lack of protection in FileSystemLoader and CachingFileSystemLoader against reading absolute paths,...
PT-2026-45982
Python Liquid is a Python engine for the Liquid template language. Prior to 2.2.0, the built-in FileSystemLoader and CachingFileSystemLoader do not guard against reading files outside their search paths when given an absolute path to resolve. This allows malicious template authors to load and...
blrec (>=1.8.0 <=2.0.0b5), dagster-looker (>=0.26.6 <=0.29.7) +6 more potentially affected by CVE-2026-45017 via python-liquid (>=1.10.2 <=2.0.2)
python-liquid PYPI version =1.10.2, =1.8.0, =0.26.6, =0.8.0, =0.1.1, =0.1.0, =0.1.0, =0.4.0, =0.0.1, =0.3.0 Source cves: CVE-2026-45017 Source advisory: OSV:GHSA-8P4X-WR7X-3788...
pharia-inference-sdk (=0.1.0) potentially affected by CVE-2026-45017 via python-liquid (=2.0.2)
python-liquid PYPI version =2.0.2 is affected by a known vulnerability. The following packages have a transitive dependency on python-liquid and may be impacted: - pharia-inference-sdk =0.1.0 Source cves: CVE-2026-45017 Source advisory: SNYK:PYTHON-PYTHONLIQUID-16734457...
Directory Traversal
Overview python-liquid is an A Python engine for the Liquid template language. Affected versions of this package are vulnerable to Directory Traversal via the FileSystemLoader and CachingFileSystemLoader components. An attacker can access and render arbitrary files outside the intended search pat...
GHSA-8P4X-WR7X-3788 python-liquid: Absolute paths escape filesystem loader search path
Impact The built-in FileSystemLoader and CachingFileSystemLoader do not guard against reading files outside their search paths when given an absolute path to resolve. This allows malicious template authors to load and render arbitrary files via the % include % and % render % tags. Targeted files...