5 matches found
algoliasearch-helper is vulnerable to Prototype Pollution in _merge()
Versions of the package algoliasearch-helper from 2.0.0-rc1 and before 3.11.2 are vulnerable to Prototype Pollution in the merge function in merge.js, which allows constructor.prototype to be written even though doing so throws an error. In the "extreme edge-case" that the resulting error is...
Prototype Pollution
Overview algoliasearch-helper is a Helper for implementing advanced search features with algolia Affected versions of this package are vulnerable to Prototype Pollution in the merge function in merge.js, which allows constructor.prototype to be written even though doing so throws an error. In the...
@4c/docusaurus-preset (>=0.2.4 <=0.3.2), @acornellier/react-instantsearch-core (>=6.10.3 <=6.10.3-1) +339 more potentially affected by CVE-2021-23433 via algoliasearch-helper (>=0.0.0-27095c0 <=3.29.1)
algoliasearch-helper NPM version =0.0.0-27095c0, =0.2.4, =6.10.3, =6.10.3-1, =0.1.0, =6.26.1, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.2, =1.0.0, =1.1.0, =1.0.0, =1.0.0, =1.0.0-beta.1, =1.0.0-beta.9 and more Source cves: CVE-2021-23433 Source advisory: OSV:GHSA-VPF5-82C8-9V36...
CVE-2021-23433
The package algoliasearch-helper before 3.6.2 are vulnerable to Prototype Pollution due to use of the merge function in src/SearchParameters/index.jsSearchParameters.parseNumbers without any protection against prototype properties. Note that this vulnerability is only exploitable if the...
PT-2021-15521
Name of the Vulnerable Software and Affected Versions algoliasearch-helper versions prior to 3.6.2 Description The issue arises from the use of the merge function in src/SearchParameters/index.js, specifically in the SearchParameters. parseNumbers function, without protection against prototype...