Vulnerabilities in harttle
13 results

CVE-2026-30952 | HIGH | liquidjs has a path traversal fallback vulnerability | EPSS 0.6%
CVE-2026-34166 | LOW | LiquidJS has a Memory Limit Bypass via Quadratic Amplification in `replace` Filter | EPSS 0.5%
CVE-2026-33287 | HIGH | LiquidJS has Exponential Memory Amplification through its replace_first Filter $& Pattern | EPSS 0.5%
CVE-2026-39859 | MEDIUM | LiquidJS has a renderFile() / parseFile() bypass configured root and allow arbitrary file read | EPSS 0.4%
CVE-2026-39412 | MEDIUM | LiquidJS has an ownPropertyOnly bypass via sort_natural filter — prototype property information disclosure through sorting side-channel | EPSS 0.4%
CVE-2026-33285 | HIGH | LiquidJS: memoryLimit Bypass through Negative Range Values Leads to Process Crash | EPSS 0.4%
CVE-2026-35525 | HIGH | LiquidJS has a root restriction bypass for partial and layout loading through symlinked templates | EPSS 0.4%
CVE-2026-45357 | HIGH | LiquidJS: Memory and render limit bypass via unbounded width padding in `date` filter (strftime) | EPSS 0.4%
CVE-2026-45617 | HIGH | LiquidJS: ReDoS via Quadratic Backtracking in `strip_html` Filter Regex | EPSS 0.4%
CVE-2026-41311 | HIGH | LiquidJS is vulnerable to Denial of Service via circular block reference in layout | EPSS 0.4%
CVE-2026-44645 | MEDIUM | LiquidJS has a renderLimit DoS guard bypass via empty `{% for %}` body | EPSS 0.3%
CVE-2026-44646 | MEDIUM | LiquidJS: `{% render %}` tag silently bypasses per-render `ownPropertyOnly:true` via `Context.spawn()` | EPSS 0.3%
CVE-2026-44644 | MEDIUM | LiquidJS's strip_html filter bypass via newline characters in HTML tags enables XSS | EPSS 0.2%