- Description
- LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to 10.25.4, the sort_natural filter bypasses the ownPropertyOnly security option, allowing template authors to extract values of prototype-inherited properties through a sorting side-channel attack. Applications relying on ownPropertyOnly: true as a security boundary (e.g., multi-tenant template systems) are exposed to information disclosure of sensitive prototype properties such as API keys and tokens. This vulnerability is fixed in 10.25.4.
- Source
- security-advisories@github.com
- NVD status
- Analyzed
- Products
- liquidjs
CVSS 3.1
- Type
- Primary
- Base score
- 7.5
- Impact score
- 3.6
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
- Severity
- HIGH
- security-advisories@github.com
- CWE-200
- nvd@nist.gov
- NVD-CWE-noinfo
- Hype score
- Not currently trending
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:liquidjs:liquidjs:*:*:*:*:*:node.js:*:*",
"matchCriteriaId": "9A1F877E-F61D-4CC4-AF26-4BD0923D877E",
"versionEndExcluding": "10.25.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]