24 matches found
CVE-2026-41311
LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to version 10.25.7, a circular block reference in {% layout %} / {% block %} causes an infinite recursive loop, consuming all available memory (4GB) and crashing the Node.js process with FATAL ERROR: JavaScript he...
CVE-2026-41311
Vulnerability: CVE-2026-41311 affects LiquidJS (Shopify/GitHub Pages compatible template engine). Before 10.25.7, a circular reference in {% layout %} / {% block %} can trigger infinite recursion, exhausting memory (~4 GB) and crashing the Node.js process. Impact: Denial of Service from user-subm...
EUVD-2026-28886
LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to version 10.25.7, a circular block reference in {% layout %} / {% block %} causes an infinite recursive loop, consuming all available memory (4GB) and crashing the Node.js process with FATAL ERROR: JavaScript he...
Uncontrolled Recursion
Overview: liquidjs is a simple, expressive, safe and Shopify compatible template engine in pure JavaScript. Affected versions of this package are vulnerable to Uncontrolled Recursion through a circular reference in the block.ts during OUTPUT mode. An attacker can cause the application to enter ...
GHSA-4RC3-7J7W-M548 liquidjs has a Denial of Service via circular block reference in layout
Summary: A circular block reference in {% layout %} / {% block %} causes an infinite recursive loop, consuming all available memory (4GB) and crashing the Node.js process with FATAL ERROR: JavaScript heap out of memory. This allows any user who can submit a Liquid template to perform a Denial of Service...
openSUSE 15 Security Update : ImageMagick (SUSE-SU-2026:0061-1)
The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0061-1 advisory. - CVE-2025-68618: read a malicious SVG file may result in a DoS attack bsc1255821. - CVE-2025-68950: check for circular references in mvg files may...
EUVD-2020-6022
Malware in sbrugna...
CVE-2020-13807
An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It has circular reference mishandling that causes a loop...
CVE-2023-5236 Infinispan: circular reference on marshalling leads to dos
A flaw was found in Infinispan, which does not detect circular object references when unmarshalling. An authenticated attacker with sufficient permissions could insert a maliciously constructed object into the cache and use it to cause out of memory errors and achieve a denial of service...
Moderate: Red Hat Security Advisory: Red Hat Data Grid 8.4.4 security update
An update for Red Hat Data Grid 8 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...
Security Bulletin: Potential SSL/TLS-related denial of service vulnerability in IBM Informix Server (CVE-2013-6747)
Summary An SSL/TLS connection initiated using a malformed certificate chain from a Client or Server could contain a circular reference. The circular reference can cause the chain building logic to loop and lead to an engine crash or an engine hang when it runs out of memory. Vulnerability Details...
Security Bulletin: Potential SSL/TLS-related denial of service vulnerability in GSKit used with IBM Informix Client Software Development Kit (CSDK) (CVE-2013-6747)
Summary An SSL/TLS connection initiated using a malformed certificate chain from a Client or Server could contain a circular reference. The circular reference can cause the chain building logic to loop and lead to an engine crash or an engine hang when it runs out of memory. Vulnerability Details...
Design/Logic Flaw
An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It has circular reference mishandling that causes a loop...
CVE-2020-13807
The vulnerability CVE-2020-13807 affects Foxit Reader and PhantomPDF up to version 9.7.2, caused by circular-reference mishandling that can produce a loop. Documented details specify the affected products and the root cause as circular references, with an impact description indicating a loop, but...