3 matches found
CVE-2026-34166 LiquidJS has a Memory Limit Bypass via Quadratic Amplification in `replace` Filter
LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to 10.25.3, the replace filter in LiquidJS incorrectly accounts for memory usage when the memoryLimit option is enabled. It charges str.length + pattern.length + replacement.length bytes to the memory limite...
CVE-2026-30952
liquidjs is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to 10.25.0, the layout, render, and include tags allow arbitrary file access via absolute paths either as string literals or through Liquid variables, the latter require dynamicPartials: true, which is the...
Vulnerabilities of the Red Hat Enterprise Linux operating system, which allow a remote attacker to compromise the confidentiality, integrity, and accessibility of protected information
The multiple vulnerabilities in the netpbm-progs-10.25 package of the Red Hat Enterprise Linux operating system can be exploited, resulting in a violation of the confidentiality, integrity, and accessibility of protected information. These vulnerabilities can be exploited remotely...