Tag
critical
advisory
LiquidJS Remote Code Execution Vulnerability
2 rules 1 TTPA remote code execution vulnerability exists in LiquidJS versions prior to 10.26.0, where crafted templates can execute arbitrary code by manipulating the `valueOf` filter and leveraging function calls via a comparable gadget.
liquidjs
rce
template-injection
2r
1t
critical
advisory
LiquidJS replace_first Filter Exponential Memory Amplification DoS
2 rules 1 TTPThe `replace_first` filter in LiquidJS is vulnerable to exponential memory amplification due to its use of JavaScript's `String.prototype.replace()` and mishandling of the `$&` backreference pattern, allowing attackers to bypass the `memoryLimit` and cause denial of service.
liquidjs
denial-of-service
memory-amplification
2r
1t
medium
advisory
liquidjs Denial of Service via Circular Block Reference
2 rules 1 TTPA vulnerability in liquidjs versions prior to 10.25.7 allows for denial of service due to a circular block reference in the layout, causing an infinite recursive loop that exhausts memory and crashes the Node.js process.
liquidjs
denial-of-service
template-injection
2r
1t