liquidjs
14 known vulnerabilities · 0 critical · 0 high
liquidjs has a Denial of Service via circular block reference in layout
LiquidJS has Exponential Memory Amplification through its replace_first Filter $& Pattern
LiquidJS: ownPropertyOnly bypass via sort_natural filter — prototype property information disclosure through sorting side-channel
LiquidJS: `renderFile()` / `parseFile()` bypass configured `root` and allow arbitrary file read
LiquidJS Has Memory Limit Bypass via Quadratic Amplification in `replace` Filter
LiquidJS: Root restriction bypass for partial and layout loading through symlinked templates
LiquidJS: memoryLimit Bypass through Negative Range Values Leads to Process Crash
LiquidJS has a renderLimit DoS guard bypass via empty `{% for %}` body
LiquidJS's `{% render %}` tag silently bypasses per-render `ownPropertyOnly:true` via `Context.spawn()`
LiquidJS is Vulnerable to Remote Code Execution
LiquidJS Vulnerable to ReDoS via Quadratic Backtracking in `strip_html` Filter Regex
LiquidJS's strip_html filter bypass via newline characters in HTML tags enables XSS
LiquidJS has a memory and render limit bypass via unbounded width padding in `date` filter (strftime)