Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
liquidjs has a path traversal fallback vulnerability
Vulnerability Description
liquidjs is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to 10.25.0, the layout, render, and include tags allow arbitrary file access via absolute paths (either as string literals or through Liquid variables, the latter require dynamicPartials: true, which is the default). This poses a security risk when malicious users are allowed to control the template content or specify the filepath to be included as a Liquid variable. This vulnerability is fixed in 10.25.0.
CVSS Information
N/A
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Vulnerability Title
liquidjs 路径遍历漏洞
Vulnerability Description
liquidjs是Jun Yang个人开发者的一个简单、表达、安全且兼容 Shopify 的纯 JavaScript 模板引擎。 liquidjs 10.25.0之前版本存在路径遍历漏洞,该漏洞源于layout、render和include标签允许通过绝对路径访问任意文件,可能导致安全风险。
CVSS Information
N/A
Vulnerability Type
N/A