SecBoard
Zurück zur CVE-Übersicht

CVE-2026-55865

NONE
Risk Signal Score10/100 — NIEDRIG
  • Weniger als 24 Stunden alt

Beschreibung

Python Liquid is a Python engine for the Liquid template language. Prior to 2.2.1, given a malformed {% case %} tag without an associated {% when %} or {% else %} block and no terminating {% endcase %} tag, Python Liquid hangs in an infinite loop at parse time because liquid.TokenStream.eof did not give the EOF token matching kind and value fields, allowing malicious template authors to craft templates for a denial of service attack. This issue is fixed in version 2.2.1.

GitHub Advisories

GHSA-vq2f-vcc9-j8mvMEDIUM

Python Liquid: Infinite loop when parsing malformed `{% case %}` tags

pip/python-liquid2.2.1
GitHub Advisory

Referenzen