Lucene search
K

5 matches found

Github Security Blog
Github Security Blog
added 2025/09/27 6:30 a.m.8 views

algoliasearch-helper is vulnerable to Prototype Pollution in _merge()

Versions of the package algoliasearch-helper from 2.0.0-rc1 and before 3.11.2 are vulnerable to Prototype Pollution in the merge function in merge.js, which allows constructor.prototype to be written even though doing so throws an error. In the "extreme edge-case" that the resulting error is...

7.5CVSS7.2AI score0.00482EPSS
Exploits1References5Affected Software1
Snyk
Snyk
added 2023/02/12 10:39 a.m.4 views

Prototype Pollution

Overview algoliasearch-helper is a Helper for implementing advanced search features with algolia Affected versions of this package are vulnerable to Prototype Pollution in the merge function in merge.js, which allows constructor.prototype to be written even though doing so throws an error. In the...

9.8CVSS8.9AI score0.01561EPSS
Exploits2References2
vulnersOsv
vulnersOsv
added 2021/11/23 9:15 p.m.5 views

@4c/docusaurus-preset (>=0.2.4 <=0.3.2), @acornellier/react-instantsearch-core (>=6.10.3 <=6.10.3-1) +339 more potentially affected by CVE-2021-23433 via algoliasearch-helper (>=0.0.0-27095c0 <=3.29.1)

algoliasearch-helper NPM version =0.0.0-27095c0, =0.2.4, =6.10.3, =6.10.3-1, =0.1.0, =6.26.1, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.2, =1.0.0, =1.1.0, =1.0.0, =1.0.0, =1.0.0-beta.1, =1.0.0-beta.9 and more Source cves: CVE-2021-23433 Source advisory: OSV:GHSA-VPF5-82C8-9V36...

9.8CVSS7.2AI score0.01561EPSS
Exploits1
ATTACKERKB
ATTACKERKB
added 2021/11/19 7:20 p.m.4 views

CVE-2021-23433

The package algoliasearch-helper before 3.6.2 are vulnerable to Prototype Pollution due to use of the merge function in src/SearchParameters/index.jsSearchParameters.parseNumbers without any protection against prototype properties. Note that this vulnerability is only exploitable if the...

9.8CVSS5.6AI score0.01561EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2021/11/19 12:0 a.m.5 views

PT-2021-15521

Name of the Vulnerable Software and Affected Versions algoliasearch-helper versions prior to 3.6.2 Description The issue arises from the use of the merge function in src/SearchParameters/index.js, specifically in the SearchParameters. parseNumbers function, without protection against prototype...

9.8CVSS6.8AI score0.01561EPSS
Exploits1References13
Rows per page
Query Builder