Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
LiquidJS has a root restriction bypass for partial and layout loading through symlinked templates
Vulnerability Description
LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to 10.25.3, for {% include %}, {% render %}, and {% layout %}, LiquidJS checks whether the candidate path is inside the configured partials or layouts roots before reading it. That check is path-based, not realpath-based. Because of that, a file like partials/link.liquid passes the directory containment check as long as its pathname is under the allowed root. If link.liquid is actually a symlink to a file outside the allowed root, the filesystem follows the symlink when the file is opened and LiquidJS renders the external target. So the restriction is applied to the path string that was requested, not to the file that is actually read. This matters in environments where an attacker can place templates or otherwise influence files under a trusted template root, including uploaded themes, extracted archives, mounted content, or repository-controlled template trees. This vulnerability is fixed in 10.25.3.
CVSS Information
N/A
Vulnerability Type
CWE-61
Vulnerability Title
liquidjs 安全漏洞
Vulnerability Description
liquidjs是Jun Yang个人开发者的一个简单、表达、安全且兼容 Shopify 的纯 JavaScript 模板引擎。 LiquidJS 10.25.3之前版本存在安全漏洞,该漏洞源于路径检查基于路径而非真实路径,可能导致符号链接指向外部文件时渲染外部目标。
CVSS Information
N/A
Vulnerability Type
N/A