Path Traversal

LiquidJS is vulnerable to Path Traversal. The vulnerability is due to the path-based check for partial and layout roots, where a symlink to a file outside the allowed root can be loaded if it is placed inside an allowed partials or layouts directory, and attackers can exploit this by placing...

UNIX Symbolic Link (Symlink) Following

Overview liquidjs is an A simple, expressive, safe and Shopify compatible template engine in pure JavaScript. Affected versions of this package are vulnerable to UNIX Symbolic Link Symlink Following through the include, render, and layout directories, when symlinks are placed within a trusted...

GHSA-56P5-8MHR-2FPH LiquidJS: Root restriction bypass for partial and layout loading through symlinked templates

Summary LiquidJS enforces partial and layout root restrictions using the resolved pathname string, but it does not resolve the canonical filesystem path before opening the file. A symlink placed inside an allowed partials or layouts directory can therefore point to a file outside that directory a...

PT-2026-31349

Summary LiquidJS enforces partial and layout root restrictions using the resolved pathname string, but it does not resolve the canonical filesystem path before opening the file. A symlink placed inside an allowed partials or layouts directory can therefore point to a file outside that directory a...

CVE-2026-34726

Copier is a library and CLI app for rendering project templates. Prior to version 9.14.1, Copier's subdirectory setting is documented as the subdirectory to use as the template root. However, the current implementation accepts parent-directory traversal such as .. and uses it directly when...

CVE-2026-34726

Summary: The CVE placeholder CVE-2026-34726 is related to a real vulnerability in Copier (GHSA-85V3-4M8G-HRH6) where the _subdirectory setting accepts parent-directory traversal (e.g., ..) and can escape the template root. This allows a template to render files from the parent directory instead o...

CVE-2026-34726 Copier `_subdirectory` allows template root escape via parent-directory traversal

Copier is a library and CLI app for rendering project templates. Prior to version 9.14.1, Copier's subdirectory setting is documented as the subdirectory to use as the template root. However, the current implementation accepts parent-directory traversal such as .. and uses it directly when...

CVE-2026-34726

Copier is a library and CLI app for rendering project templates. Prior to version 9.14.1, Copier's subdirectory setting is documented as the subdirectory to use as the template root. However, the current implementation accepts parent-directory traversal such as .. and uses it directly when...

CVE-2026-34726 Copier `_subdirectory` allows template root escape via parent-directory traversal

Copier is a library and CLI app for rendering project templates. Prior to version 9.14.1, Copier's subdirectory setting is documented as the subdirectory to use as the template root. However, the current implementation accepts parent-directory traversal such as .. and uses it directly when...

GHSA-85V3-4M8G-HRH6 Copier `_subdirectory` allows template root escape via parent-directory traversal

Summary Copier's subdirectory setting is documented as the subdirectory to use as the template root. However, the current implementation accepts parent-directory traversal such as .. and uses it directly when selecting the template root. As a result, a template can escape its own directory and ma...

Copier `_subdirectory` allows template root escape via parent-directory traversal

Summary Copier's subdirectory setting is documented as the subdirectory to use as the template root. However, the current implementation accepts parent-directory traversal such as .. and uses it directly when selecting the template root. As a result, a template can escape its own directory and ma...

PT-2026-29668

Name of the Vulnerable Software and Affected Versions Copier versions prior to 9.14.1 Description Copier's subdirectory setting, intended to specify the template root, incorrectly allows parent directory traversal sequences like ... This allows a template to escape its directory and render files...

Directory traversal

Django before 2.2.24, 3.x before 3.1.12, and 3.2.x before 3.2.4 has a potential directory traversal via django.contrib.admindocs. Staff members could use the TemplateDetailView view to check the existence of arbitrary files. Additionally, if and only if the default admindocs templates have been...