5 matches found
CVE-2026-44646 LiquidJS: `{% render %}` tag silently bypasses per-render `ownPropertyOnly:true` via `Context.spawn()`
LiquidJS is a Shopify/GitHub Pages compatible template engine written in pure JavaScript. In versions 10.25.7 and below, Context.spawn creates a child Context for the % render % tag but does not propagate the parent context's resolved ownPropertyOnly value, resulting in a silent bypass. The new...
CVE-2026-39412
LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to 10.25.4, the sortnatural filter bypasses the ownPropertyOnly security option, allowing template authors to extract values of prototype-inherited properties through a sorting side-channel attack...
Insecure Default Initialization of Resource
Overview liquidjs is an A simple, expressive, safe and Shopify compatible template engine in pure JavaScript. Affected versions of this package are vulnerable to Insecure Default Initialization of Resource in the Context.spawn function. An attacker can access prototype-chain properties of objects...
CVE-2026-39412
CVE-2026-39412 — LiquidJS : The sort_natural filter bypasses the ownPropertyOnly security option, enabling template authors to disclose values of prototype-inherited properties via a sorting side-channel. This information disclosure affects LiquidJS versions before 10.25.4; the issue is fixed in ...
liquidjs 信息泄露漏洞
LiquidJS is a simple, expressive, secure, and compatible JavaScript template engine developed by Jun Yang. Versions of LiquidJS prior to 10.25.4 contained an information leakage vulnerability. This vulnerability stemmed from the sortnatural filter bypassing the ownPropertyOnly security option,...