Lucene search
K

138 matches found

vulnersOsv
vulnersOsv
added 2026/05/27 6:24 p.m.9 views

@11ty/eleventy (=3.0.0-alpha.16), @agiflowai/aicode-toolkit (>=0.6.0 <=1.1.0) +95 more potentially affected by CVE-2026-45618 via liquidjs (>=10.10.0 <=10.25.7)

liquidjs NPM version =10.10.0, =0.6.0, =0.1.0, =0.0.0, =0.5.5, =0.8.0, =1.0.1, =1.6.3, =3.11.0, =3.11.0, =3.11.0, =1.0.0, =1.0.0-beta.5 - @clairview/api =23.1.0 and more Source cves: CVE-2026-45618 Source advisory: OSV:GHSA-GF2Q-C269-PQGC...

5.7AI score0.00089EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2026/05/27 6:24 p.m.132 views

LiquidJS is Vulnerable to Remote Code Execution

Summary It is possible to execute arbitrary code with crafted templates Details 1|valueOf - this when evaluating the filter liquid %assign r=1|valueOf% r|inspect json...

6.2AI score0.00089EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/05/27 6:8 p.m.7 views

GHSA-R7G9-XPMJ-5FCQ LiquidJS Vulnerable to ReDoS via Quadratic Backtracking in `strip_html` Filter Regex

Summary The built-in striphtml filter in liquidjs uses a regex containing four lazy-quantified alternatives. When the input contains many |||/g, '' The regex contains four lazy patterns: 1. 2. 3. 4. For an input like 'script'.repeatN, the engine encounters N starting positions. At each one it mus...

7.5CVSS5.8AI score0.00385EPSS
Exploits0References3
vulnersOsv
vulnersOsv
added 2026/05/27 6:8 p.m.6 views

@11ty/eleventy (=3.0.0-alpha.16), @agiflowai/aicode-toolkit (>=0.6.0 <=1.1.0) +95 more potentially affected by CVE-2026-45617 via liquidjs (>=10.10.0 <=10.25.7)

liquidjs NPM version =10.10.0, =0.6.0, =0.1.0, =0.0.0, =0.5.5, =0.8.0, =1.0.1, =1.6.3, =3.11.0, =3.11.0, =3.11.0, =1.0.0, =1.0.0-beta.5 - @clairview/api =23.1.0 and more Source cves: CVE-2026-45617 Source advisory: OSV:GHSA-R7G9-XPMJ-5FCQ...

7.5CVSS5.7AI score0.00385EPSS
Exploits0
OSV
OSV
added 2026/05/27 5:33 p.m.9 views

GHSA-HH27-HF48-9F5Q LiquidJS has a memory and render limit bypass via unbounded width padding in `date` filter (strftime)

Summary The date filter's strftime implementation parses width specifiers like %9999999d and forwards the captured width unchecked into pad/padStart in src/util/underscore.ts. The pad loop performs unbounded string concatenation without consulting the Context's memoryLimit or renderLimit, so a...

7.5CVSS5.8AI score0.00385EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2026/05/27 5:33 p.m.8 views

@11ty/eleventy (=3.0.0-alpha.16), @agiflowai/aicode-toolkit (>=0.6.0 <=1.1.0) +95 more potentially affected by CVE-2026-45357 via liquidjs (>=10.10.0 <=10.25.7)

liquidjs NPM version =10.10.0, =0.6.0, =0.1.0, =0.0.0, =0.5.5, =0.8.0, =1.0.1, =1.6.3, =3.11.0, =3.11.0, =3.11.0, =1.0.0, =1.0.0-beta.5 - @clairview/api =23.1.0 and more Source cves: CVE-2026-45357 Source advisory: OSV:GHSA-HH27-HF48-9F5Q...

7.5CVSS5.7AI score0.00385EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/05/27 12:28 a.m.8 views

@11ty/eleventy (=3.0.0-alpha.16), @agiflowai/aicode-toolkit (>=0.6.0 <=1.1.0) +95 more potentially affected by CVE-2026-44646 via liquidjs (>=10.10.0 <=10.25.7)

liquidjs NPM version =10.10.0, =0.6.0, =0.1.0, =0.0.0, =0.5.5, =0.8.0, =1.0.1, =1.6.3, =3.11.0, =3.11.0, =3.11.0, =1.0.0, =1.0.0-beta.5 - @clairview/api =23.1.0 and more Source cves: CVE-2026-44646 Source advisory: OSV:GHSA-9X9P-QF8F-MVJG...

5.3CVSS5.7AI score0.00271EPSS
Exploits0
Snyk
Snyk
added 2026/05/27 12:28 a.m.13 views

Insecure Default Initialization of Resource

Overview liquidjs is an A simple, expressive, safe and Shopify compatible template engine in pure JavaScript. Affected versions of this package are vulnerable to Insecure Default Initialization of Resource in the Context.spawn function. An attacker can access prototype-chain properties of objects...

6.9CVSS5.8AI score0.00271EPSS
Exploits0References2
OSV
OSV
added 2026/05/27 12:28 a.m.9 views

GHSA-9X9P-QF8F-MVJG LiquidJS's `{% render %}` tag silently bypasses per-render `ownPropertyOnly:true` via `Context.spawn()`

Summary Context.spawn in liquidjs creates a child Context for the % render % tag but does not propagate the parent context's resolved ownPropertyOnly value. The new context re-derives ownPropertyOnly from opts.ownPropertyOnly the instance-level option, silently discarding any...

5.3CVSS5.8AI score0.00271EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2026/05/27 12:11 a.m.8 views

@11ty/eleventy (=3.0.0-alpha.16), @agiflowai/aicode-toolkit (>=0.6.0 <=1.1.0) +95 more potentially affected by CVE-2026-44645 via liquidjs (>=10.10.0 <=10.25.7)

liquidjs NPM version =10.10.0, =0.6.0, =0.1.0, =0.0.0, =0.5.5, =0.8.0, =1.0.1, =1.6.3, =3.11.0, =3.11.0, =3.11.0, =1.0.0, =1.0.0-beta.5 - @clairview/api =23.1.0 and more Source cves: CVE-2026-44645 Source advisory: OSV:GHSA-8XX9-69P8-7JP3...

6.5CVSS5.7AI score0.00317EPSS
Exploits0
Snyk
Snyk
added 2026/05/27 12:11 a.m.12 views

Denial of Service (DoS)

Overview liquidjs is an A simple, expressive, safe and Shopify compatible template engine in pure JavaScript. Affected versions of this package are vulnerable to Denial of Service DoS through the renderTemplates function when the for or tablerow tag is used with an empty body. An attacker can...

7.1CVSS5.8AI score0.00317EPSS
Exploits0References2
OSV
OSV
added 2026/05/27 12:11 a.m.9 views

GHSA-8XX9-69P8-7JP3 LiquidJS has a renderLimit DoS guard bypass via empty `{% for %}` body

Summary The renderLimit option — documented in docs/source/tutorials/dos.md as the mechanism that "mitigates this by limiting the time consumed by each render call" — can be fully bypassed by a % for % or % tablerow % tag whose body is empty. The per-iteration time check is reached only when the...

6.5CVSS5.8AI score0.00317EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2026/05/27 12:9 a.m.7 views

@11ty/eleventy (=3.0.0-alpha.16), @agiflowai/aicode-toolkit (>=0.6.0 <=1.1.0) +95 more potentially affected by CVE-2026-44644 via liquidjs (>=10.10.0 <=10.25.7)

liquidjs NPM version =10.10.0, =0.6.0, =0.1.0, =0.0.0, =0.5.5, =0.8.0, =1.0.1, =1.6.3, =3.11.0, =3.11.0, =3.11.0, =1.0.0, =1.0.0-beta.5 - @clairview/api =23.1.0 and more Source cves: CVE-2026-44644 Source advisory: OSV:GHSA-2QV6-9WX5-CWV4...

6.1CVSS5.7AI score0.00203EPSS
Exploits0
OSV
OSV
added 2026/05/27 12:9 a.m.19 views

GHSA-2QV6-9WX5-CWV4 LiquidJS's strip_html filter bypass via newline characters in HTML tags enables XSS

Summary The striphtml filter in liquidjs is intended to remove HTML tags from a string before rendering, and is widely used as an XSS sanitizer. The implementation uses a regex whose catch-all branch does not match line terminators, so any HTML tag containing a \n or \r character passes through...

6.1CVSS6AI score0.00203EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/27 12:9 a.m.32 views

LiquidJS's strip_html filter bypass via newline characters in HTML tags enables XSS

Summary The striphtml filter in liquidjs is intended to remove HTML tags from a string before rendering, and is widely used as an XSS sanitizer. The implementation uses a regex whose catch-all branch does not match line terminators, so any HTML tag containing a \n or \r character passes through...

6.1CVSS6AI score0.00203EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.14 views

PT-2026-44157

Name of the Vulnerable Software and Affected Versions liquidjs versions prior to 10.26.0 Description An issue allows unauthenticated attackers to achieve remote code execution and server compromise through crafted templates. The flaw is triggered by abusing filter evaluation, prototype...

10CVSS6.5AI score0.00089EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.11 views

PT-2026-44156

Name of the Vulnerable Software and Affected Versions LiquidJS versions prior to 10.26.0 Description The built-in strip html filter uses a regular expression containing four flawed lazy-quantified alternatives. When processing input with numerous script, style, or !-- opener tokens that lack...

7.5CVSS5.2AI score0.00385EPSS
Exploits0References7
Circl
Circl
added 2026/05/24 1:22 p.m.14 views

CVE-2026-45617

creationtimestamp| type| source ---|---|--- 2026-05-24 13:22:51+00:00| published-proof-of-concept| https://github.com/harttle/liquidjs/security/advisories/GHSA-r7g9-xpmj-5fcq...

7.5CVSS5.8AI score0.00385EPSS
Exploits0References1
Circl
Circl
added 2026/05/24 1:22 p.m.12 views

CVE-2026-45618

creationtimestamp| type| source ---|---|--- 2026-05-24 13:22:43+00:00| published-proof-of-concept| https://github.com/harttle/liquidjs/security/advisories/GHSA-gf2q-c269-pqgc...

5.8AI score0.00089EPSS
Exploits0References1
Circl
Circl
added 2026/05/24 1:22 p.m.11 views

CVE-2026-45357

creationtimestamp| type| source ---|---|--- 2026-05-24 13:22:38+00:00| published-proof-of-concept| https://github.com/harttle/liquidjs/security/advisories/GHSA-hh27-hf48-9f5q...

7.5CVSS5.8AI score0.00385EPSS
Exploits0References1
Rows per page
Query Builder