Lucene search
+L

5 matches found

OSV
OSV
added 2026/06/17 10:25 p.m.2 views

CVE-2026-44646 LiquidJS: `{% render %}` tag silently bypasses per-render `ownPropertyOnly:true` via `Context.spawn()`

LiquidJS is a Shopify/GitHub Pages compatible template engine written in pure JavaScript. In versions 10.25.7 and below, Context.spawn creates a child Context for the % render % tag but does not propagate the parent context's resolved ownPropertyOnly value, resulting in a silent bypass. The new...

5.3CVSS5.9AI score0.00271EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/05 7:26 p.m.12 views

CVE-2026-39412

LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to 10.25.4, the sortnatural filter bypasses the ownPropertyOnly security option, allowing template authors to extract values of prototype-inherited properties through a sorting side-channel attack...

7.5CVSS5.5AI score0.00403EPSS
Exploits1References1
Snyk
Snyk
added 2026/05/27 12:28 a.m.13 views

Insecure Default Initialization of Resource

Overview liquidjs is an A simple, expressive, safe and Shopify compatible template engine in pure JavaScript. Affected versions of this package are vulnerable to Insecure Default Initialization of Resource in the Context.spawn function. An attacker can access prototype-chain properties of objects...

6.9CVSS5.8AI score0.00271EPSS
Exploits0References2
CVE
CVE
added 2026/04/08 7:39 p.m.24 views

CVE-2026-39412

CVE-2026-39412 — LiquidJS : The sort_natural filter bypasses the ownPropertyOnly security option, enabling template authors to disclose values of prototype-inherited properties via a sorting side-channel. This information disclosure affects LiquidJS versions before 10.25.4; the issue is fixed in ...

7.5CVSS5.9AI score0.00403EPSS
Exploits1References4Affected Software1
CNNVD
CNNVD
added 2026/04/08 12:0 a.m.10 views

liquidjs 信息泄露漏洞

LiquidJS is a simple, expressive, secure, and compatible JavaScript template engine developed by Jun Yang. Versions of LiquidJS prior to 10.25.4 contained an information leakage vulnerability. This vulnerability stemmed from the sortnatural filter bypassing the ownPropertyOnly security option,...

7.5CVSS5.8AI score0.00403EPSS
Exploits1References4
Rows per page
Query Builder