Information Disclosure

2022-12-2304:42:17

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

liquidjs

information disclosure

vulnerability

readproperty function

context.ts

ownpropertyonly parameter

0.001 Low

EPSS

Percentile

48.0%

JSON

liquidjs is vulnerable to information disclosure. The vulnerability exists in the readProperty function in context.ts, which will result in leaking properties of a prototype when the ownpropertyonly parameter is set to false.

CPENameOperatorVersion
liquidjsle9.43.0
liquidjsle9.43.0

CPE	Name	Operator	Version
	liquidjs	le	9.43.0
	liquidjs	le	9.43.0

References

github.com/advisories/GHSA-45rm-2893-5f49

github.com/harttle/liquidjs/commit/7e99efc5131e20cf3f59e1fc2c371a15aa4109db

github.com/harttle/liquidjs/commit/7eb621601c2b05d6e379e5ce42219f2b1f556208

github.com/harttle/liquidjs/issues/454

groups.google.com/u/0/a/snyk.io/g/report/c/9ipXecWRtTM/m/IgLadevtCQAJ

0.001 Low

EPSS

Percentile

48.0%

JSON

Related for VERACODE:38568