CVE-2026-34166 LiquidJS has a Memory Limit Bypass via Quadratic Amplification in `replace` Filter
LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to 10.25.3, the replace filter in LiquidJS incorrectly accounts for memory usage when the memoryLimit option is enabled. It charges str.length + pattern.length + replacement.length bytes to the memory limite...