LiquidJS has Exponential Memory Amplification through its replace_first Filter $& Pattern
Description
LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to version 10.25.1, the replace_first filter in LiquidJS uses JavaScript's String.prototype.replace() which interprets $& as a back reference to the matched substring. The filter only charges memoryLimit for the input string length, not the amplified output. An attacker can achieve exponential memory amplification (up to 625,000:1) while staying within the memoryLimit budget, leading to denial of service. Version 10.25.1 patches the issue.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
In LiquidJS <10.25.1, the replace_first filter's use of JavaScript's String.replace() with $& backreference enables exponential memory amplification and denial of service.
Vulnerability
The replace_first filter in LiquidJS (versions prior to 10.25.1) delegates to JavaScript's native String.prototype.replace() [1]. This method interprets special replacement patterns, including $& which inserts the entire matched substring. The filter only deducts the input string length from the memoryLimit budget, neglecting the potentially amplified output size [1].
Exploitation
An attacker can craft a template that repeatedly applies replace_first with a replacement string containing multiple $& copies. Each application multiplies the string size, while the memory limit only grows linearly with input length. The advisory demonstrates a five-stage attack where a 1-byte input produces a 312.5 MB output after chaining, with only ~6.38 MB charged to the memory limit—a 625,000:1 amplification factor [1]. No authentication is required; any user who can submit LiquidJS templates can trigger the DoS.
Impact
Successful exploitation leads to uncontrolled memory consumption, causing denial of service for the server or application using LiquidJS. The vulnerability is confined to replace_first; sibling filters replace and replace_last are not affected because they use different internal methods [1].
Mitigation
Version 10.25.1 patches the issue by replacing String.replace() with a callback function that treats the replacement string as literal, preventing $& expansion. The commit also adjusts memory limit accounting to include the replacement string length [3].
AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
liquidjsnpm | <= 10.24.0 | — |
Affected products
2- harttle/liquidjsv5Range: < 10.25.1
Patches
135d523026345fix: treat args for replace_first as literal
1 file changed · +3 −5
src/filters/string.ts+3 −5 modified@@ -146,18 +146,16 @@ export function replace_first (this: FilterImpl, v: string, arg1: string, arg2: arg1 = stringify(arg1) arg2 = stringify(arg2) this.context.memoryLimit.use(str.length + arg1.length + arg2.length) - return str.replace(arg1, arg2) + return str.replace(arg1, () => arg2) } export function replace_last (this: FilterImpl, v: string, arg1: string, arg2: string) { const str = stringify(v) - this.context.memoryLimit.use(str.length) const pattern = stringify(arg1) - this.context.memoryLimit.use(pattern.length) + const replacement = stringify(arg2) + this.context.memoryLimit.use(str.length + pattern.length + replacement.length) const index = str.lastIndexOf(pattern) if (index === -1) return str - const replacement = stringify(arg2) - this.context.memoryLimit.use(replacement.length) return str.substring(0, index) + replacement + str.substring(index + pattern.length) }
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
4- github.com/advisories/GHSA-6q5m-63h6-5x4vghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2026-33287ghsaADVISORY
- github.com/harttle/liquidjs/commit/35d523026345d80458df24c72e653db78b5d061dghsax_refsource_MISCWEB
- github.com/harttle/liquidjs/security/advisories/GHSA-6q5m-63h6-5x4vghsax_refsource_CONFIRMWEB
News mentions
0No linked articles in our index yet.