Harttle · Liquidjs · CVE-2026-41311
**Name of the Vulnerable Software and Affected Versions**
LiquidJS versions prior to 10.25.7
**Description**
A circular block reference within `{% layout %}` and `{% block %}` tags can trigger infinite recursion. The flaw is in the `getBlockRender()` function in `src/tags/block.ts` and is reached in OUTPUT mode: when a block is nested inside another block of the same name in a child template, the render function is called repeatedly with no termination condition. The recursion consumes all available memory (approximately 4 GB) and the Node.js process crashes with a JavaScript heap out of memory error. As a result, any user who can submit a Liquid template can cause a denial of service that takes the service down completely.
**Recommendations**
Update to version 10.25.7.
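
Where user-submitted templates are accepted, the pattern described above (a `{% block %}` opened inside a block of the same name) can also be rejected before rendering. The following is an added example, not code from LiquidJS or from this advisory; the function names and sample templates are hypothetical, it assumes block names consist of word characters, and it does not skip `{% raw %}` or `{% comment %}` regions.

```javascript
// Added example: static pre-render check, not part of LiquidJS.
// Assumption: block names are word characters, e.g. {% block main %}.
const BLOCK_TAG = /\{%-?\s*(block|endblock)\b\s*(\w*)[^%]*?%\}/g;

// Returns one finding per {% block X %} that is opened while a block
// named X is still open, the shape the advisory describes.
function findNestedSameNameBlocks(template) {
  const open = [];      // names of blocks currently open, outermost first
  const findings = [];
  for (const m of template.matchAll(BLOCK_TAG)) {
    const [, tag, name] = m;
    if (tag === 'endblock') {
      open.pop();
      continue;
    }
    if (open.includes(name)) {
      findings.push({ name, offset: m.index, depth: open.length });
    }
    open.push(name);
  }
  return findings;
}

// Gate for user-submitted templates: throws before anything is rendered.
function rejectCircularBlocks(template) {
  const findings = findNestedSameNameBlocks(template);
  if (findings.length > 0) {
    const f = findings[0];
    throw new Error(`block "${f.name}" nested inside itself at offset ${f.offset}`);
  }
  return template;
}

// Constructed sample templates (not taken from the advisory).
const SAMPLE_OK =
  '{% layout "base.liquid" %}' +
  '{% block header %}Hi{% endblock %}' +
  '{% block body %}{% block sidebar %}x{% endblock %}{% endblock %}';
const SAMPLE_FLAGGED =
  '{% layout "base.liquid" %}' +
  '{% block body %}{%- block body -%}x{%- endblock -%}{% endblock %}';

console.log(findNestedSameNameBlocks(SAMPLE_OK).length);
console.log(findNestedSameNameBlocks(SAMPLE_FLAGGED));
```

The check inspects one template string at a time and is a stopgap for input validation; it does not replace the update to 10.25.7.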