Lucene search

16 matches found

Cvelist
added last week, 24 views

CVE-2026-44646 LiquidJS: `{% render %}` tag silently bypasses per-render `ownPropertyOnly:true` via `Context.spawn()`

LiquidJS is a Shopify/GitHub Pages compatible template engine written in pure JavaScript. In versions 10.25.7 and below, Context.spawn creates a child Context for the {% render %} tag but does not propagate the parent context's resolved ownPropertyOnly value, resulting in a silent bypass. The new...

CVSS 5.3, EPSS 0.00271
Exploits 0, References 3

CVE
added last week, 32 views

CVE-2026-44646

LiquidJS CVE-2026-44646: The Context.spawn() path used by {% render %} creates a child Context without propagating the parent’s resolved ownPropertyOnly value, causing per-render overrides to be discarded inside partials. This enables prototype-chain property access in rendered partials when top-l...

CVSS 5.3, AI score 5.2, EPSS 0.00271
Exploits 0, References 3

OSV
added 2026/05/27 12:28 a.m., 8 views

GHSA-9X9P-QF8F-MVJG LiquidJS's `{% render %}` tag silently bypasses per-render `ownPropertyOnly:true` via `Context.spawn()`

Summary: Context.spawn in liquidjs creates a child Context for the {% render %} tag but does not propagate the parent context's resolved ownPropertyOnly value. The new context re-derives ownPropertyOnly from opts.ownPropertyOnly (the instance-level option), silently discarding any...

CVSS 5.3, AI score 5.8, EPSS 0.00271
Exploits 0, References 2

Github Security Blog
added 2026/05/27 12:28 a.m., 14 views

LiquidJS's `{% render %}` tag silently bypasses per-render `ownPropertyOnly:true` via `Context.spawn()`

Summary: Context.spawn in liquidjs creates a child Context for the {% render %} tag but does not propagate the parent context's resolved ownPropertyOnly value. The new context re-derives ownPropertyOnly from opts.ownPropertyOnly (the instance-level option), silently discarding any...

CVSS 5.3, AI score 6, EPSS 0.00811
Exploits 1, References 2, Affected Software 1

Positive Technologies
added 2026/05/27 12:00 a.m., 9 views

PT-2026-43626

Name of the Vulnerable Software and Affected Versions: LiquidJS versions 10.25.7 and earlier. Description: An issue exists in the Context.spawn function where it fails to propagate the parent context's resolved ownPropertyOnly value when creating a child context for the {% render %} tag. Instead, the...

CVSS 5.3, AI score 5.5, EPSS 0.00271
Exploits 0, References 7

NVD
added 2026/04/08 8:16 p.m., 1 view

CVE-2026-39412

LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to 10.25.4, the sort_natural filter bypasses the ownPropertyOnly security option, allowing template authors to extract values of prototype-inherited properties through a sorting side-channel attack...

CVSS 7.5, EPSS 0.00403
Exploits 1, References 4

Vulnrichment
added 2026/04/08 7:39 p.m., 1 view

CVE-2026-39412 LiquidJS has an ownPropertyOnly bypass via sort_natural filter — prototype property information disclosure through sorting side-channel

LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to 10.25.4, the sort_natural filter bypasses the ownPropertyOnly security option, allowing template authors to extract values of prototype-inherited properties through a sorting side-channel attack...

CVSS 5.3, AI score 5.9, EPSS 0.00403
Exploits 1, References 4

Cvelist
added 2026/04/08 7:39 p.m., 14 views

CVE-2026-39412 LiquidJS has an ownPropertyOnly bypass via sort_natural filter — prototype property information disclosure through sorting side-channel

LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to 10.25.4, the sort_natural filter bypasses the ownPropertyOnly security option, allowing template authors to extract values of prototype-inherited properties through a sorting side-channel attack...

CVSS 5.3, EPSS 0.00403
Exploits 1, References 4

OSV
added 2026/04/08 3:04 p.m., 3 views

GHSA-RV5G-F82M-QRVV LiquidJS: ownPropertyOnly bypass via sort_natural filter — prototype property information disclosure through sorting side-channel

Summary: The sort_natural filter bypasses the ownPropertyOnly security option, allowing template authors to extract values of prototype-inherited properties through a sorting side-channel attack. Applications relying on ownPropertyOnly: true as a security boundary, e.g., multi-tenant template system...

CVSS 5.3, AI score 5.9, EPSS 0.00403
Exploits 1, References 6

EUVD
added 2025/10/03 8:07 p.m., 3 views

EUVD-2022-7496

Malicious code in bioql PyPI...

CVSS 5.3, AI score 5.4, EPSS 0.00811
Exploits 1, References 7

Cvelist
added 2022/12/23 11:03 p.m., 31 views

CVE-2022-25948 Information Exposure

The package liquidjs before 10.0.0 is vulnerable to Information Exposure when the ownPropertyOnly parameter is set to False, which results in leaking properties of a prototype. Workaround: For versions 9.34.0 and higher, an option to disable this functionality is provided...

CVSS 5.3, AI score 5.5, EPSS 0.00811
Exploits 1, References 5

Veracode
added 2022/12/23 4:42 a.m., 18 views

Information Disclosure

liquidjs is vulnerable to information disclosure. The vulnerability exists in the readProperty function in context.ts, which will result in leaking properties of a prototype when the ownPropertyOnly parameter is set to false...

CVSS 5.3, AI score 5.1, EPSS 0.00811
Exploits 1, References 5, Affected Software 1

OSV
added 2022/12/22 5:15 a.m., 14 views

CVE-2022-25948

The package liquidjs before 10.0.0 is vulnerable to Information Exposure when the ownPropertyOnly parameter is set to False, which results in leaking properties of a prototype. Workaround: For versions 9.34.0 and higher, an option to disable this functionality is provided...

CVSS 5.3, AI score 5.3
Exploits 0, References 5

Prion
added 2022/12/22 5:15 a.m., 16 views

Information disclosure

The package liquidjs before 10.0.0 is vulnerable to Information Exposure when the ownPropertyOnly parameter is set to False, which results in leaking properties of a prototype. Workaround: For versions 9.34.0 and higher, an option to disable this functionality is provided...

CVSS 5, AI score 5.2, EPSS 0.00811
Exploits 1, References 5, Affected Software 1

CNNVD
added 2022/12/22 12:00 a.m., 2 views

liquidjs information disclosure vulnerability

liquidjs is a simple, expressive, secure and Shopify-compatible pure JavaScript template engine by Jun Yang. A security vulnerability exists in liquidjs versions prior to 10.0.0, which stems from the vulnerability to information exposure when the ownPropertyOnly parameter is set to False, leading...

CVSS 5.3, AI score 5.7, EPSS 0.00811
Exploits 1, References 6

Snyk
added 2022/07/18 11:49 a.m., 1 view

Information Exposure

Overview: liquidjs is a simple, expressive, safe and Shopify compatible template engine in pure JavaScript. Affected versions of this package are vulnerable to Information Exposure when the ownPropertyOnly parameter is set to False, which results in leaking properties of a prototype. Workaround: For...

CVSS 5.3, AI score 6.8, EPSS 0.00811
Exploits 1, References 2