2 matches found
CVE-2022-25948
CVE-2022-25948 affects liquidjs prior to 10.0.0, where Information Exposure occurs when ownPropertyOnly is set to False, leaking prototype properties. Public details in connected docs specify the affected software (liquidjs) and the root cause (prototype property leakage via ownPropertyOnly). The...
CVE-2022-25948 Information Exposure
The package liquidjs before 10.0.0 are vulnerable to Information Exposure when ownPropertyOnly parameter is set to False, which results in leaking properties of a prototype. Workaround For versions 9.34.0 and higher, an option to disable this functionality is provided...