CVE-2026-39412

LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to 10.25.4, the sortnatural filter bypasses the ownPropertyOnly security option, allowing template authors to extract values of prototype-inherited properties through a sorting side-channel attack...

CVE-2026-39412

CVE-2026-39412 — LiquidJS : The sort_natural filter bypasses the ownPropertyOnly security option, enabling template authors to disclose values of prototype-inherited properties via a sorting side-channel. This information disclosure affects LiquidJS versions before 10.25.4; the issue is fixed in ...

CVE-2026-39412 LiquidJS has an ownPropertyOnly bypass via sort_natural filter — prototype property information disclosure through sorting side-channel

LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to 10.25.4, the sortnatural filter bypasses the ownPropertyOnly security option, allowing template authors to extract values of prototype-inherited properties through a sorting side-channel attack...

liquidjs 信息泄露漏洞

LiquidJS is a simple, expressive, secure, and compatible JavaScript template engine developed by Jun Yang. Versions of LiquidJS prior to 10.25.4 contained an information leakage vulnerability. This vulnerability stemmed from the sortnatural filter bypassing the ownPropertyOnly security option,...