Lucene search
K

23 matches found

NVD
NVD
β€’added 5 days agoβ€’5 views

CVE-2026-55865

Python Liquid is a Python engine for the Liquid template language. Prior to 2.2.1, given a malformed % case % tag without an associated % when % or % else % block and no terminating % endcase % tag, Python Liquid hangs in an infinite loop at parse time because liquid.TokenStream.eof did not give...

7.1CVSS0.00451EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
β€’added 5 days agoβ€’7 views

CVE-2026-55865

Python Liquid is a Python engine for the Liquid template language. Prior to 2.2.1, given a malformed % case % tag without an associated % when % or % else % block and no terminating % endcase % tag, Python Liquid hangs in an infinite loop at parse time because liquid.TokenStream.eof did not give...

7.1CVSS6AI score0.00451EPSS
Exploits0References4Affected Software1
CVE
CVE
β€’added 5 days agoβ€’15 views

CVE-2026-55865

CVE-2026-55865 concerns the Python Liquid template engine. Before version 2.2.1, a malformed {% case %} tag without a corresponding {% when %} or {% else %} and without a terminating {% endcase %} could cause an infinite loop during parsing, due to an incorrect EOF token handling in liquid.TokenS...

7.1CVSS6AI score0.00451EPSS
Exploits0References3
Cvelist
Cvelist
β€’added 5 days agoβ€’32 views

CVE-2026-55865 Python Liquid: Infinite loop when parsing malformed `{% case %}` tags

Python Liquid is a Python engine for the Liquid template language. Prior to 2.2.1, given a malformed % case % tag without an associated % when % or % else % block and no terminating % endcase % tag, Python Liquid hangs in an infinite loop at parse time because liquid.TokenStream.eof did not give...

7.1CVSS0.00451EPSS
Exploits0References3
Snyk
Snyk
β€’added 2026/06/19 8:46 p.m.β€’5 views

Infinite loop

Overview python-liquid is an A Python engine for the Liquid template language. Affected versions of this package are vulnerable to Infinite loop in the % case % tag parsing logic, caused by an incorrect definition of the EOF token's kind and value in the TokenStream.eof attribute. A user who can...

7.1CVSS5.8AI score0.00451EPSS
Exploits0References2
OSV
OSV
β€’added 2026/06/19 8:46 p.m.β€’5 views

GHSA-VQ2F-VCC9-J8MV Python Liquid: Infinite loop when parsing malformed `{% case %}` tags

Impact Given a malformed % case % tag without associated % when % or % else % block, and no terminating % endcase % tag, Python Liquid hangs in an infinite loop at parse time. This allows malicious template authors to craft templates for a denial of service attack. Patches The issue is fixed in...

5.3CVSS5.8AI score0.00451EPSS
Exploits0References2
RedhatCVE
RedhatCVE
β€’added 2026/06/05 7:18 p.m.β€’14 views

CVE-2026-45017

Python Liquid is a Python engine for the Liquid template language. Prior to 2.2.0, the built-in FileSystemLoader and CachingFileSystemLoader do not guard against reading files outside their search paths when given an absolute path to resolve. This allows malicious template authors to load and...

8.2CVSS5.6AI score0.00335EPSS
Exploits0References1
vulnersOsv
vulnersOsv
β€’added 2026/05/28 4:16 p.m.β€’6 views

blrec (>=1.8.0 <=2.0.0b5), dagster-looker (>=0.26.6 <=0.29.8) +6 more potentially affected by CVE-2026-45017 via python-liquid (>=1.10.2 <=2.0.2)

python-liquid PYPI version =1.10.2, =1.8.0, =0.26.6, =0.8.0, =0.1.1, =0.1.0, =0.1.0, =0.4.0, =0.0.1, =0.3.0 Source cves: CVE-2026-45017 Source advisory: OSV:PYSEC-2026-192...

8.2CVSS5.7AI score0.00335EPSS
Exploits0
PyPA
PyPA
β€’added 2026/05/28 4:16 p.m.β€’9 views

PYSEC-0000-CVE-2026-45017

Python Liquid is a Python engine for the Liquid template language. Prior to 2.2.0, the built-in FileSystemLoader and CachingFileSystemLoader do not guard against reading files outside their search paths when given an absolute path to resolve. This allows malicious template authors to load and...

8.2CVSS5.9AI score0.00335EPSS
Exploits0References1Affected Software1
OSV
OSV
β€’added 2026/05/28 4:16 p.m.β€’9 views

PYSEC-2026-192

Python Liquid is a Python engine for the Liquid template language. Prior to 2.2.0, the built-in FileSystemLoader and CachingFileSystemLoader do not guard against reading files outside their search paths when given an absolute path to resolve. This allows malicious template authors to load and...

7.5CVSS5.9AI score0.00335EPSS
Exploits0References1
PyPA
PyPA
β€’added 2026/05/28 4:16 p.m.β€’142 views

PYSEC-2026-192

Python Liquid is a Python engine for the Liquid template language. Prior to 2.2.0, the built-in FileSystemLoader and CachingFileSystemLoader do not guard against reading files outside their search paths when given an absolute path to resolve. This allows malicious template authors to load and...

8.2CVSS5.9AI score0.00335EPSS
Exploits0References1Affected Software1
NVD
NVD
β€’added 2026/05/28 4:16 p.m.β€’28 views

CVE-2026-45017

Python Liquid is a Python engine for the Liquid template language. Prior to 2.2.0, the built-in FileSystemLoader and CachingFileSystemLoader do not guard against reading files outside their search paths when given an absolute path to resolve. This allows malicious template authors to load and...

8.2CVSS0.00335EPSS
Exploits0References1
CVE
CVE
β€’added 2026/05/28 2:24 p.m.β€’37 views

CVE-2026-45017

CVE-2026-45017 affects the Python Liquid engine. Before 2.2.0, FileSystemLoader and CachingFileSystemLoader fail to guard against reading files outside the search path when given absolute paths, enabling a malicious template author to load and render arbitrary files via {% include %} and {% rende...

8.2CVSS5.9AI score0.00335EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
β€’added 2026/05/28 2:24 p.m.β€’35 views

CVE-2026-45017 Python Liquid: Absolute paths escape filesystem loader search path

Python Liquid is a Python engine for the Liquid template language. Prior to 2.2.0, the built-in FileSystemLoader and CachingFileSystemLoader do not guard against reading files outside their search paths when given an absolute path to resolve. This allows malicious template authors to load and...

8.2CVSS0.00335EPSS
Exploits0References1
Vulnrichment
Vulnrichment
β€’added 2026/05/28 2:24 p.m.β€’11 views

CVE-2026-45017 Python Liquid: Absolute paths escape filesystem loader search path

Python Liquid is a Python engine for the Liquid template language. Prior to 2.2.0, the built-in FileSystemLoader and CachingFileSystemLoader do not guard against reading files outside their search paths when given an absolute path to resolve. This allows malicious template authors to load and...

8.2CVSS5.9AI score0.00335EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
β€’added 2026/05/28 2:24 p.m.β€’10 views

CVE-2026-45017

Python Liquid is a Python engine for the Liquid template language. Prior to 2.2.0, the built-in FileSystemLoader and CachingFileSystemLoader do not guard against reading files outside their search paths when given an absolute path to resolve. This allows malicious template authors to load and...

8.2CVSS5.9AI score0.00335EPSS
Exploits0References2Affected Software1
EUVD
EUVD
β€’added 2026/05/28 2:24 p.m.β€’19 views

EUVD-2026-32907

Python Liquid is a Python engine for the Liquid template language. Prior to 2.2.0, the built-in FileSystemLoader and CachingFileSystemLoader do not guard against reading files outside their search paths when given an absolute path to resolve. This allows malicious template authors to load and...

8.2CVSS5.9AI score0.00335EPSS
Exploits0References1
Positive Technologies
Positive Technologies
β€’added 2026/05/28 12:0 a.m.β€’10 views

PT-2026-45982

Python Liquid is a Python engine for the Liquid template language. Prior to 2.2.0, the built-in FileSystemLoader and CachingFileSystemLoader do not guard against reading files outside their search paths when given an absolute path to resolve. This allows malicious template authors to load and...

7.5CVSS5.9AI score
Exploits0References2
CNNVD
CNNVD
β€’added 2026/05/28 12:0 a.m.β€’12 views

Python Liquid θ·―εΎ„ιεŽ†ζΌζ΄ž

Python Liquid is a Python engine developed by James for processing Liquid templates. Versions of Python Liquid prior to 2.2.0 had a path traversal vulnerability. This vulnerability stemmed from the lack of protection in FileSystemLoader and CachingFileSystemLoader against reading absolute paths,...

8.2CVSS5.8AI score0.00335EPSS
Exploits0References1
vulnersOsv
vulnersOsv
β€’added 2026/05/11 2:57 p.m.β€’7 views

pharia-inference-sdk (=0.1.0) potentially affected by CVE-2026-45017 via python-liquid (=2.0.2)

python-liquid PYPI version =2.0.2 is affected by a known vulnerability. The following packages have a transitive dependency on python-liquid and may be impacted: - pharia-inference-sdk =0.1.0 Source cves: CVE-2026-45017 Source advisory: SNYK:PYTHON-PYTHONLIQUID-16734457...

8.2CVSS5.8AI score0.00335EPSS
Exploits0
Rows per page
Query Builder