15 matches found

Cvelist
added 2026/04/08 7:45 p.m., 17 views

CVE-2026-39859 LiquidJS has a renderFile() / parseFile() bypass configured root and allow arbitrary file read

LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to 10.25.3, liquidjs 10.25.0 documents root as constraining filenames passed to renderFile and parseFile, but top-level file loads do not enforce that boundary. A Liquid instance configured with an empty...

6.3 CVSS, 0.00021 EPSS
Exploits 0, References 1

EUVD
added 2026/04/08 3:4 p.m., 0 views

EUVD-2026-20611

LiquidJS: renderFile / parseFile bypass configured root and allow arbitrary file read...

6.3 CVSS, 6 AI score, 0.00021 EPSS
Exploits 0, References 4

Snyk
added 2023/02/02 1:40 p.m., 1 views

Arbitrary Code Execution

Overview: swig-templates is a simple, powerful, and extendable templating engine for node.js and browsers, similar to Django, Jinja2, and Twig. Affected versions of this package are vulnerable to Arbitrary Code Execution via the renderFile method. Note: The following conditions are required to...

9.8 CVSS, 7.2 AI score, 0.00408 EPSS
Exploits 1, References 2

Snyk
added 2023/02/02 1:23 p.m., 2 views

Arbitrary File Read

Overview: swig-templates is a simple, powerful, and extendable templating engine for node.js and browsers, similar to Django, Jinja2, and Twig. Affected versions of this package are vulnerable to Arbitrary File Read via the renderFile method. PoC 1.html html % extends '../../../../../etc/passwd...

7.5 CVSS, 7 AI score, 0.00433 EPSS
Exploits 1, References 2

OSV
added 2023/01/31 10:39 p.m., 20 views

GHSA-XRH7-M5PP-39R6 XSS Attack with Express API

Impact: XSS attack - anyone using the Express API is impacted. Patches: The problem has been resolved. Users should upgrade to version 2.0.0. Workarounds: Don't pass user supplied data directly to res.renderFile. References: Are there any links users can visit to find out more? See...

8.6 CVSS, 7.1 AI score, 0.00404 EPSS
Exploits 0, References 5

Snyk
added 2020/12/09 11:56 a.m., 1 views

Arbitrary Code Injection

Amendment: This was deemed not a vulnerability. Overview: ejs is a popular JavaScript templating engine. Affected versions of this package are vulnerable to Arbitrary Code Injection via the render and renderFile. If external input is flowing into the options parameter, an attacker is able to run...

4.1 CVSS, 5.7 AI score
Exploits 0, References 2

OSV
added 2017/11/30 11:15 p.m., 0 views

GHSA-HWCF-PP87-7X6P mde ejs vulnerable to XSS

nodejs ejs version older than 2.5.5 is vulnerable to a Cross-site-scripting in the ejs.renderFile resulting in code injection...

6.1 CVSS, 6.4 AI score, 0.00234 EPSS
Exploits 0, References 5

Veracode
added 2017/11/17 9:42 a.m., 13 views

Denial Of Service (DoS)

ejs is vulnerable to denial of service (DoS) attacks. The library does not sanitize the opts parameter in the ejs.renderFile function, allowing a malicious user to pass files that when rendered can crash the application...

7.5 CVSS, 7.1 AI score, 0.00913 EPSS
Exploits 0, References 2, Affected Software 2

OSV
added 2017/11/17 3:29 a.m., 1 views

UBUNTU-CVE-2017-1000188

nodejs ejs version older than 2.5.5 is vulnerable to a Cross-site-scripting in the ejs.renderFile resulting in code injection...

6.1 CVSS, 6.4 AI score, 0.00234 EPSS
Exploits 0, References 3

OSV
added 2017/11/17 3:29 a.m., 1 views

DEBIAN-CVE-2017-1000189

nodejs ejs version older than 2.5.5 is vulnerable to a denial-of-service due to weak input validation in the ejs.renderFile...

7.5 CVSS, 7.4 AI score, 0.00913 EPSS
Exploits 0, References 1

OSV
added 2017/11/17 3:29 a.m., 0 views

UBUNTU-CVE-2017-1000189

nodejs ejs version older than 2.5.5 is vulnerable to a denial-of-service due to weak input validation in the ejs.renderFile...

7.5 CVSS, 7.1 AI score, 0.00913 EPSS
Exploits 0, References 3

OSV
added 2017/11/17 3:29 a.m., 3 views

DEBIAN-CVE-2017-1000228

nodejs ejs versions older than 2.5.3 are vulnerable to remote code execution due to weak input validation in ejs.renderFile function...

9.8 CVSS, 8.2 AI score, 0.0718 EPSS
Exploits 1, References 1

Debian CVE
added 2017/11/17 3:0 a.m., 10 views

CVE-2017-1000188

nodejs ejs version older than 2.5.5 is vulnerable to a Cross-site-scripting in the ejs.renderFile resulting in code injection...

6.1 CVSS, 6.4 AI score, 0.00234 EPSS
Exploits 0

CNVD
added 2017/11/17 12:0 a.m., 1 views

nodejs ejs denial of service vulnerability

nodejs ejs is an embedded JavaScript template with flow control, customizable delimiters and escaped output. A security vulnerability exists in the 'ejs.renderFile' function in nodejs ejs versions prior to 2.5.5, which stems from weak input validation. An attacker can exploit the vulnerability to...

7.5 CVSS, 6.7 AI score, 0.00913 EPSS
Exploits 0, References 1

seebug.org
added 2015/02/05 12:0 a.m., 41 views

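ThinkSNS arbitrary code execution vulnerability

Brief description: code execution vulnerability. Details: Vulnerable file: /addons/widget/FeedListWidget/FeedlistWidget.class.php. Vulnerable function: getData. The getData function is located in /addons/widget/FeedListWidget/FeedlistWidget.class.php; at line 262 it calls the renderFile function to render the template. private function getData$var, $tpl = 'FeedList.html' $var'feedkey' = t$var'feedkey'; $var'cancomment' =...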

7.1 AI score
Exploits 0