Is python-liquid affected by CVE-2026-45017?

PyPI python-liquid is affected in <2.2.0.

Is CVE-2026-45017 being exploited?

Not on the CISA KEV list. EPSS exploit probability is 0.3%.

← Toutes les vulnérabilités

HIGHSupply chain

CVE-2026-45017

Q: Is CVE-2026-45017 being exploited?

Not on the CISA KEV list. EPSS exploit probability is 0.3%.

PyPI · python-liquid

Résumé

Python Liquid is a Python engine for the Liquid template language. Prior to 2.2.0, the built-in FileSystemLoader and CachingFileSystemLoader do not guard against reading files outside their search paths when given an absolute path to resolve. This allows malicious template authors to load and render

Références

https://github.com/jg-rp/liquid/security/advisories/GHSA-8p4x-wr7x-3788

Vulnérabilités liées

Tout Supply chain →

HIGHCVE-2026-52801
Gogs has the ability to import local repositories via Mirror Settings
HIGHCVE-2026-52800
Gogs Vulnerable to CSRF Leading to Organization Owner Takeover
HIGHCVE-2026-52799
Gogs Missing Authorization in Attachment Download
HIGHCVE-2026-52798
Gogs has Stored XSS in `.ipynb` Preview
MEDIUMCVE-2026-50179
@actual-app/web has CSV Formula Injection in Transaction Export via Imported Payee/Notes Fields
HIGHCVE-2026-54353
@budibase/backend-core has potential SSRF DNS rebinding bypass in outbound fetch validation