Lucene search
K

425 matches found

OSV
OSV
added 2026/04/08 3:0 p.m.2 views

GHSA-MMG9-6M6J-JQQX LiquidJS Has Memory Limit Bypass via Quadratic Amplification in `replace` Filter

Summary The replace filter in LiquidJS incorrectly accounts for memory usage when the memoryLimit option is enabled. It charges str.length + pattern.length + replacement.length bytes to the memory limiter, but the actual output from str.splitpattern.joinreplacement can be quadratically larger whe...

3.7CVSS5.9AI score0.00495EPSS
Exploits1References5
EUVD
EUVD
added 2026/04/08 3:0 p.m.4 views

EUVD-2026-20554

LiquidJS Has Memory Limit Bypass via Quadratic Amplification in replace Filter...

3.7CVSS5.9AI score0.00495EPSS
Exploits1References3
Snyk
Snyk
added 2026/04/08 3:0 p.m.4 views

Allocation of Resources Without Limits or Throttling

Overview liquidjs is an A simple, expressive, safe and Shopify compatible template engine in pure JavaScript. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the replace filter when the memoryLimit option is enabled. An attacker can...

6CVSS5.8AI score0.00495EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/04/08 3:0 p.m.9 views

LiquidJS Has Memory Limit Bypass via Quadratic Amplification in `replace` Filter

Summary The replace filter in LiquidJS incorrectly accounts for memory usage when the memoryLimit option is enabled. It charges str.length + pattern.length + replacement.length bytes to the memory limiter, but the actual output from str.splitpattern.joinreplacement can be quadratically larger whe...

5.3CVSS6AI score0.00495EPSS
Exploits1References5Affected Software1
EUVD
EUVD
added 2026/04/07 3:30 p.m.5 views

EUVD-2026-19648

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. ASGI requests with a missing or understated Content-Length header could bypass the DATAUPLOADMAXMEMORYSIZE limit when reading HttpRequest.body, allowing remote attackers to load an unbounded request body into...

7.5CVSS5.9AI score0.00769EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/04/07 3:30 p.m.10 views

Django: SGI requests with a missing or understated `Content-Length` header could bypass the `DATA_UPLOAD_MAX_MEMORY_SIZE` limit

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. ASGI requests with a missing or understated Content-Length header could bypass the DATAUPLOADMAXMEMORYSIZE limit when reading HttpRequest.body, allowing remote attackers to load an unbounded request body into...

7.5CVSS5.9AI score0.00769EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2026/04/07 3:17 p.m.11 views

PYSEC-2026-49

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. ASGI requests with a missing or understated Content-Length header could bypass the DATAUPLOADMAXMEMORYSIZE limit when reading HttpRequest.body, allowing remote attackers to load an unbounded request body into...

7.5CVSS5.8AI score0.00769EPSS
Exploits0References4
OSV
OSV
added 2026/04/07 3:17 p.m.3 views

DEBIAN-CVE-2026-33034

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. ASGI requests with a missing or understated Content-Length header could bypass the DATAUPLOADMAXMEMORYSIZE limit when reading HttpRequest.body, allowing remote attackers to load an unbounded request body into...

7.5CVSS5.4AI score0.00769EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2026/04/07 2:22 p.m.9 views

CVE-2026-33034

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. ASGI requests with a missing or understated Content-Length header could bypass the DATAUPLOADMAXMEMORYSIZE limit when reading HttpRequest.body, allowing remote attackers to load an unbounded request body into...

7.5CVSS5.8AI score0.00769EPSS
Exploits0
OSV
OSV
added 2026/04/07 2:0 p.m.4 views

UBUNTU-CVE-2026-33034

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. ASGI requests with a missing or understated Content-Length header could bypass the DATAUPLOADMAXMEMORYSIZE limit when reading HttpRequest.body, allowing remote attackers to load an unbounded request body into...

7.5CVSS5.8AI score0.00769EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/04/07 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2026-33034

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. ASGI requests with a missing or understated Content-Length header could...

7.5CVSS5.8AI score0.00769EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/07 12:0 a.m.6 views

PT-2026-30851

Name of the Vulnerable Software and Affected Versions Django versions 4.2 through 4.2.29, 5.2 through 5.2.12, and 6.0 through 6.0.3 Description ASGI requests lacking or underreporting the Content-Length header may bypass the DATA UPLOAD MAX MEMORY SIZE limit when processing HttpRequest.body,...

7.8CVSS5.8AI score0.00769EPSS
Exploits0References158
NVD
NVD
added 2026/03/26 1:16 a.m.5 views

CVE-2026-33285

LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to version 10.25.1, LiquidJS's memoryLimit security mechanism can be completely bypassed by using reverse range expressions e.g., 100000000..1, allowing an attacker to allocate unlimited memory. Combined wit...

7.5CVSS0.00398EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/03/26 12:34 a.m.32 views

CVE-2026-33285 LiquidJS: memoryLimit Bypass through Negative Range Values Leads to Process Crash

LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to version 10.25.1, LiquidJS's memoryLimit security mechanism can be completely bypassed by using reverse range expressions e.g., 100000000..1, allowing an attacker to allocate unlimited memory. Combined wit...

7.5CVSS0.00398EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/03/26 12:34 a.m.2 views

CVE-2026-33285 LiquidJS: memoryLimit Bypass through Negative Range Values Leads to Process Crash

LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to version 10.25.1, LiquidJS's memoryLimit security mechanism can be completely bypassed by using reverse range expressions e.g., 100000000..1, allowing an attacker to allocate unlimited memory. Combined wit...

7.5CVSS5.9AI score0.00398EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/03/26 12:34 a.m.1 views

CVE-2026-33285

LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to version 10.25.1, LiquidJS's memoryLimit security mechanism can be completely bypassed by using reverse range expressions e.g., 100000000..1, allowing an attacker to allocate unlimited memory. Combined wit...

7.5CVSS5.8AI score0.00398EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2026/03/26 12:34 a.m.21 views

CVE-2026-33285

CVE-2026-33285 concerns LiquidJS (template engine for Shopify/GitHub Pages). Vulnerability: memoryLimit protection can be bypassed by reverse range expressions (e.g., (100000000..1)), allowing unbounded memory allocation. When combined with string flattening operations (e.g., replace filter), thi...

7.5CVSS5.8AI score0.00398EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2026/03/26 12:34 a.m.8 views

CVE-2026-33285 LiquidJS: memoryLimit Bypass through Negative Range Values Leads to Process Crash

LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to version 10.25.1, LiquidJS's memoryLimit security mechanism can be completely bypassed by using reverse range expressions e.g., 100000000..1, allowing an attacker to allocate unlimited memory. Combined wit...

7.5CVSS5.9AI score0.00398EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/03/26 12:0 a.m.8 views

liquidjs 安全漏洞

LiquidJS is a simple, expressive, secure, and compatible JavaScript template engine developed by Jun Yang. Versions of LiquidJS prior to 10.25.1 contained a security vulnerability, which stemmed from the use of the String.prototype.replace method in the replaceFirst filter and improper memory lim...

7.5CVSS5.8AI score0.00471EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/03/25 5:44 p.m.12 views

LiquidJS has Exponential Memory Amplification through its replace_first Filter $& Pattern

Summary The replacefirst filter in LiquidJS uses JavaScript's String.prototype.replace which interprets $& as a backreference to the matched substring. The filter only charges memoryLimit for the input string length, not the amplified output. An attacker can achieve exponential memory amplificati...

7.5CVSS5.9AI score0.00471EPSS
Exploits1References4Affected Software1
Rows per page
Query Builder