8 matches found
CVE-2026-33285
LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to version 10.25.1, LiquidJS's memoryLimit security mechanism can be completely bypassed by using reverse range expressions e.g., 100000000..1, allowing an attacker to allocate unlimited memory. Combined wit...
GHSA-9R5M-9576-7F6X LiquidJS: memoryLimit Bypass through Negative Range Values Leads to Process Crash
Summary LiquidJS's memoryLimit security mechanism can be completely bypassed by using reverse range expressions e.g., 100000000..1, allowing an attacker to allocate unlimited memory. Combined with a string flattening operation e.g., replace filter, this causes a V8 Fatal error that crashes the...
EUVD-2022-2705
Malicious code in bioql PyPI...
GHSA-6429-3G3W-6MW5 Uncaught Exception in bignum
All versions of the npm package bignum are vulnerable to Denial of Service DoS due to a type-check exception in V8. When verifying the type of the second argument to the .powm function, V8 will crash regardless of Node try/catch blocks...
libxmljs 输入验证错误漏洞
libxmljs is the LibXML binding for node.js. All versions of the libxmljs package have an input validation error vulnerability that stems from the fact that when calling a non-buffered parameter, the V8 code will attempt to call the .toString method for that parameter. If the toString value of the...
Denial of Service (DoS)
Overview Affected versions of this package are vulnerable to Denial of Service DoS which will invoke the toString function of the passed parameter. If passed an invalid Function object it will throw and crash the V8 engine. PoC js let sqlite3 = require'sqlite3'.verbose; let db = new...
Chrome V8 PromiseAllResolveElementClosure Element Confusion Vulnerability
Exploit for multiple platform in category dos / poc Chrome: V8: PromiseAllResolveElementClosure can cause elements kind confusion The Promise.all method internally uses PromiseAllResolveElementClosure...
Fedora 21 : nodejs-0.10.32-1.fc21 / v8-3.14.5.10-14.fc21 (2014-11132)
This update provides the latest stable version of Node.js and corresponding backports to the v8 package. This update resolves CVE-2013-6668, which has only a minor impact since Node.js is not typically used to execute untrusted JavaScript. For more information on the fixed vulnerability, please s...