liquidjs@8.4.1 vulnerabilities

A simple, expressive and safe Shopify / Github Pages compatible template engine in pure JavaScript.

Direct Vulnerabilities

Known vulnerabilities in the liquidjs package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • M
Information Exposure

liquidjs is an A simple, expressive, safe and Shopify compatible template engine in pure JavaScript.

Affected versions of this package are vulnerable to Information Exposure when ownPropertyOnly parameter is set to False, which results in leaking properties of a prototype.

How to fix Information Exposure?

Upgrade liquidjs to version 10.0.0 or higher.