{"id":"GHSA-45rm-2893-5f49","summary":"liquidjs may leak properties of a prototype","details":"The package liquidjs before 10.0.0 is vulnerable to Information Exposure when `ownPropertyOnly` parameter is set to `False`, which results in leaking properties of a prototype. Workaround For versions 9.34.0 and higher, an option to disable this functionality is provided.","aliases":["CVE-2022-25948"],"modified":"2025-04-14T22:08:07Z","published":"2022-12-22T06:30:15Z","database_specific":{"severity":"MODERATE","github_reviewed_at":"2022-12-22T20:03:15Z","nvd_published_at":"2022-12-22T05:15:00Z","cwe_ids":["CWE-200"],"github_reviewed":true},"references":[{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-25948"},{"type":"WEB","url":"https://github.com/harttle/liquidjs/issues/454"},{"type":"WEB","url":"https://github.com/harttle/liquidjs/commit/7e99efc5131e20cf3f59e1fc2c371a15aa4109db"},{"type":"WEB","url":"https://github.com/harttle/liquidjs/commit/7eb621601c2b05d6e379e5ce42219f2b1f556208"},{"type":"PACKAGE","url":"https://github.com/harttle/liquidjs"},{"type":"WEB","url":"https://groups.google.com/u/0/a/snyk.io/g/report/c/9ipXecWRtTM/m/IgLadevtCQAJ"},{"type":"WEB","url":"https://security.snyk.io/vuln/SNYK-JS-LIQUIDJS-2952868"}],"affected":[{"package":{"name":"liquidjs","ecosystem":"npm","purl":"pkg:npm/liquidjs"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"10.0.0"}]}],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/12/GHSA-45rm-2893-5f49/GHSA-45rm-2893-5f49.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}]}