5 matches found
CVE-2026-55575 LiquidJS: `pop` filter bypasses `memoryLimit` accounting that its array-filter siblings enforce
LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to 10.27.1, the pop array filter at src/filters/array.ts allocated a full clone of its input array via ...toArrayv without calling this.context.memoryLimit.use..., allowing a template render such as hugearra...
CVE-2026-55575
LiquidJS (template engine for Shopify/GitHub Pages) has a vulnerability in the pop array filter prior to 10.27.1: the code path allocates a full clone of the input array with [...toArray(v)] without invoking this.context.memoryLimit.use(...), allowing a template render like {{ huge_array | pop }}...
CVE-2026-55575 LiquidJS: `pop` filter bypasses `memoryLimit` accounting that its array-filter siblings enforce
LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to 10.27.1, the pop array filter at src/filters/array.ts allocated a full clone of its input array via ...toArrayv without calling this.context.memoryLimit.use..., allowing a template render such as hugearra...
EUVD-2009-3850
Malware in sbrugna...
CVE-2009-3879
CVE-2009-3879 affects Sun Java SE 5.0 (before Update 22) and 6 (before Update 17) and OpenJDK, in the X11GraphicsDevice and related components. The issue stems from failure to clone arrays returned by getConfigurations, potentially exposing sensitive information or allowing unintended access to g...