Vulnerability-Lookup

GHSA-8P4X-WR7X-3788

Vulnerability from github – Published: 2026-05-11 14:57 – Updated: 2026-05-11 14:57

Summary

python-liquid: Absolute paths escape filesystem loader search path

Details

Impact

The built-in FileSystemLoader and CachingFileSystemLoader do not guard against reading files outside their search paths when given an absolute path to resolve. This allows malicious template authors to load and render arbitrary files via the {% include %} and {% render %} tags. Targeted files would need to contain valid Liquid markup and be readable by the application process.

Patches

The issue is fixed in version 2.2.0 with the inclusion of a template_path.is_absolute() condition in liquid/builtin/loaders/file_system_loader.py.

        if os.path.pardir in template_path.parts or template_path.is_absolute():
            raise TemplateNotFoundError(template_name)

Workarounds

Create a custom template loader by inheriting from FileSystemLoader and overriding resolve_path(). Use an instance of the custom loader as the loader argument when instantiating your Liquid environment.

import os
from pathlib import Path

from liquid import Environment
from liquid import FileSystemLoader
from liquid.exceptions import TemplateNotFoundError


class MyFileSystemLoader(FileSystemLoader):
    def resolve_path(self, template_name: str) -> Path:
        template_path = Path(template_name)

        if self.ext and not template_path.suffix:
            template_path = template_path.with_suffix(self.ext)

        if os.path.pardir in template_path.parts or template_path.is_absolute():
            raise TemplateNotFoundError(template_name)

        for path in self.search_path:
            source_path = path.joinpath(template_path)
            if not source_path.exists():
                continue
            return source_path

        raise TemplateNotFoundError(template_name)


env = Environment(loader=MyFileSystemLoader("path/to/templates/"))

Severity

8.2 (High)


                  
                    CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "python-liquid"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.2.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-45017"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-22"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-05-11T14:57:43Z",
    "nvd_published_at": null,
    "severity": "HIGH"
  },
  "details": "### Impact\nThe built-in `FileSystemLoader` and `CachingFileSystemLoader` do not guard against reading files outside their search paths when given an absolute path to resolve. This allows malicious template authors to load and render arbitrary files via the `{% include %}` and `{% render %}` tags. Targeted files would need to contain valid Liquid markup and be readable by the application process.\n\n### Patches\nThe issue is fixed in version 2.2.0 with the inclusion of a `template_path.is_absolute()` condition in `liquid/builtin/loaders/file_system_loader.py`.\n\n```python\n        if os.path.pardir in template_path.parts or template_path.is_absolute():\n            raise TemplateNotFoundError(template_name)\n```\n\n### Workarounds\n\nCreate a custom template loader by inheriting from `FileSystemLoader` and overriding `resolve_path()`. Use an instance of the custom loader as the `loader` argument when instantiating your Liquid environment. \n\n```python\nimport os\nfrom pathlib import Path\n\nfrom liquid import Environment\nfrom liquid import FileSystemLoader\nfrom liquid.exceptions import TemplateNotFoundError\n\n\nclass MyFileSystemLoader(FileSystemLoader):\n    def resolve_path(self, template_name: str) -\u003e Path:\n        template_path = Path(template_name)\n\n        if self.ext and not template_path.suffix:\n            template_path = template_path.with_suffix(self.ext)\n\n        if os.path.pardir in template_path.parts or template_path.is_absolute():\n            raise TemplateNotFoundError(template_name)\n\n        for path in self.search_path:\n            source_path = path.joinpath(template_path)\n            if not source_path.exists():\n                continue\n            return source_path\n\n        raise TemplateNotFoundError(template_name)\n\n\nenv = Environment(loader=MyFileSystemLoader(\"path/to/templates/\"))\n```",
  "id": "GHSA-8p4x-wr7x-3788",
  "modified": "2026-05-11T14:57:43Z",
  "published": "2026-05-11T14:57:43Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/jg-rp/liquid/security/advisories/GHSA-8p4x-wr7x-3788"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/jg-rp/liquid"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "python-liquid: Absolute paths escape filesystem loader search path"
}

CVE-2026-45017 (GCVE-0-2026-45017)

Vulnerability from cvelistv5 – Published: 2026-05-28 14:24 – Updated: 2026-05-28 15:57

Title

Python Liquid: Absolute paths escape filesystem loader search path

Summary

Python Liquid is a Python engine for the Liquid template language. Prior to 2.2.0, the built-in FileSystemLoader and CachingFileSystemLoader do not guard against reading files outside their search paths when given an absolute path to resolve. This allows malicious template authors to load and render arbitrary files via the {% include %} and {% render %} tags. Targeted files would need to contain valid Liquid markup and be readable by the application process. This vulnerability is fixed in 2.2.0.

Severity

8.2 (High)


                        
                          CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

SSVC

Exploitation: none Automatable: yes Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Assigner

GitHub_M

References

1 reference

URL	Tags
https://github.com/jg-rp/liquid/security/advisori…	x_refsource_CONFIRM

Impacted products

1 product

Vendor	Product	Version
jg-rp	liquid	Affected: < 2.2.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-45017",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-28T15:57:04.307205Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-28T15:57:12.837Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "liquid",
          "vendor": "jg-rp",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 2.2.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Python Liquid is a Python engine for the Liquid template language. Prior to 2.2.0, the built-in FileSystemLoader and CachingFileSystemLoader do not guard against reading files outside their search paths when given an absolute path to resolve. This allows malicious template authors to load and render arbitrary files via the {% include %} and {% render %} tags. Targeted files would need to contain valid Liquid markup and be readable by the application process. This vulnerability is fixed in 2.2.0."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "NONE"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-22",
              "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-28T14:24:27.928Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/jg-rp/liquid/security/advisories/GHSA-8p4x-wr7x-3788",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/jg-rp/liquid/security/advisories/GHSA-8p4x-wr7x-3788"
        }
      ],
      "source": {
        "advisory": "GHSA-8p4x-wr7x-3788",
        "discovery": "UNKNOWN"
      },
      "title": "Python Liquid: Absolute paths escape filesystem loader search path"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-45017",
    "datePublished": "2026-05-28T14:24:27.928Z",
    "dateReserved": "2026-05-08T16:58:28.895Z",
    "dateUpdated": "2026-05-28T15:57:12.837Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

PYSEC-2026-192

Vulnerability from pysec - Published: 2026-05-28 16:16 - Updated: 2026-06-03 10:54

Details

Severity

7.5 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Impacted products

Name	purl
python-liquid	pkg:pypi/python-liquid

Aliases

JSON

To clipboard

{
  "affected": [
    {
      "ecosystem_specific": {},
      "package": {
        "ecosystem": "PyPI",
        "name": "python-liquid",
        "purl": "pkg:pypi/python-liquid"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.2.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "0.10.0",
        "0.10.1",
        "0.11.0",
        "0.5.1",
        "0.5.2",
        "0.5.3",
        "0.5.5",
        "0.5.6",
        "0.6.0",
        "0.6.1",
        "0.6.2",
        "0.6.3",
        "0.6.4",
        "0.7.0",
        "0.7.1",
        "0.7.2",
        "0.7.3",
        "0.7.4",
        "0.7.5",
        "0.7.6",
        "0.7.7",
        "0.8.0",
        "0.8.1",
        "0.9.0",
        "1.0.0",
        "1.0.1",
        "1.0.2",
        "1.0.3",
        "1.1.0",
        "1.1.1",
        "1.1.2",
        "1.1.3",
        "1.1.4",
        "1.1.5",
        "1.1.6",
        "1.1.7",
        "1.10.0",
        "1.10.2",
        "1.11.0",
        "1.12.0",
        "1.12.1",
        "1.12.2",
        "1.13.0",
        "1.2.0",
        "1.2.1",
        "1.3.0",
        "1.4.0",
        "1.4.1",
        "1.4.2",
        "1.4.3",
        "1.4.4",
        "1.4.5",
        "1.4.6",
        "1.4.7",
        "1.5.0",
        "1.5.1",
        "1.6.0",
        "1.6.1",
        "1.7.0",
        "1.8.0",
        "1.8.1",
        "1.9.0",
        "1.9.1",
        "1.9.2",
        "1.9.3",
        "1.9.4",
        "2.0.0",
        "2.0.1",
        "2.0.2",
        "2.1.0"
      ]
    }
  ],
  "aliases": [
    "CVE-2026-45017",
    "GHSA-8p4x-wr7x-3788"
  ],
  "details": "Python Liquid is a Python engine for the Liquid template language. Prior to 2.2.0, the built-in FileSystemLoader and CachingFileSystemLoader do not guard against reading files outside their search paths when given an absolute path to resolve. This allows malicious template authors to load and render arbitrary files via the {% include %} and {% render %} tags. Targeted files would need to contain valid Liquid markup and be readable by the application process. This vulnerability is fixed in 2.2.0.",
  "id": "PYSEC-2026-192",
  "modified": "2026-06-03T10:54:55.739943Z",
  "published": "2026-05-28T16:16:25.883Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://github.com/jg-rp/liquid/security/advisories/GHSA-8p4x-wr7x-3788"
    }
  ],
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

GHSA-8P4X-WR7X-3788

Impact

Patches

Workarounds

CVE-2026-45017 (GCVE-0-2026-45017)

PYSEC-2026-192

Tags

Sightings

Nomenclature