5 matches found
CVE-2026-39412 LiquidJS has an ownPropertyOnly bypass via sort_natural filter — prototype property information disclosure through sorting side-channel
LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to 10.25.4, the sortnatural filter bypasses the ownPropertyOnly security option, allowing template authors to extract values of prototype-inherited properties through a sorting side-channel attack...
PT-2026-31351
Summary The sort natural filter bypasses the ownPropertyOnly security option, allowing template authors to extract values of prototype-inherited properties through a sorting side-channel attack. Applications relying on ownPropertyOnly: true as a security boundary e.g., multi-tenant template syste...
CVE-2024-20302
A vulnerability in the tenant security implementation of Cisco Nexus Dashboard Orchestrator NDO could allow an authenticated, remote attacker to modify or delete tenant templates on an affected system. This vulnerability is due to improper access controls within tenant security. An attacker who i...
CVE-2024-20302
A vulnerability in the tenant security implementation of Cisco Nexus Dashboard Orchestrator NDO could allow an authenticated, remote attacker to modify or delete tenant templates on an affected system. This vulnerability is due to improper access controls within tenant security. An attacker who i...
PT-2024-3820 · Cisco · Cisco Nexus Dashboard Orchestrator
Name of the Vulnerable Software and Affected Versions: Cisco Nexus Dashboard Orchestrator affected versions not specified Description: A vulnerability in the tenant security implementation could allow an authenticated, remote attacker to modify or delete tenant templates on an affected system. Th...