18 matches found
EUVD-2021-2399
Malware in sbrugna...
CVE-2025-3193
Versions of the package algoliasearch-helper from 2.0.0-rc1 and before 3.11.2 are vulnerable to Prototype Pollution in the merge function in merge.js, which allows constructor.prototype to be written even though doing so throws an error. In the "extreme edge-case" that the resulting error is...
@arcblock/gatsby-theme-docs (>=5.7.0 <=7.34.5), @changeinc/components (>=1.0.4 <=1.0.20) +87 more potentially affected by CVE-2025-3193 via algoliasearch-helper (>=2.13.0 <=2.2.0)
algoliasearch-helper NPM version =2.13.0, =5.7.0, =1.0.4, =1.0.4, =1.0.0, =2.2.1-custom, =0.0.7, =0.1.2, =0.1.4, =0.2.3, =0.2.1, =0.0.1, =2.0.0, =0.0.0, =1.9.0, =1.0.0, =1.4.2 and more Source cves: CVE-2025-3193 Source advisory: OSV:GHSA-529Q-4J3P-7C5R...
GHSA-529Q-4J3P-7C5R algoliasearch-helper is vulnerable to Prototype Pollution in _merge()
Versions of the package algoliasearch-helper from 2.0.0-rc1 and before 3.11.2 are vulnerable to Prototype Pollution in the merge function in merge.js, which allows constructor.prototype to be written even though doing so throws an error. In the "extreme edge-case" that the resulting error is...
CVE-2025-3193
Versions of the package algoliasearch-helper from 2.0.0-rc1 and before 3.11.2 are vulnerable to Prototype Pollution in the merge function in merge.js, which allows constructor.prototype to be written even though doing so throws an error. In the "extreme edge-case" that the resulting error is...
CVE-2025-3193
Versions of the package algoliasearch-helper from 2.0.0-rc1 and before 3.11.2 are vulnerable to Prototype Pollution in the merge function in merge.js, which allows constructor.prototype to be written even though doing so throws an error. In the "extreme edge-case" that the resulting error is...
CVE-2025-3193
Versions of the package algoliasearch-helper from 2.0.0-rc1 and before 3.11.2 are vulnerable to Prototype Pollution in the merge function in merge.js, which allows constructor.prototype to be written even though doing so throws an error. In the "extreme edge-case" that the resulting error is...
CVE-2025-3193
The CVE-2025-3193 entry concerns algoliasearch-helper versions 2.0.0-rc1 through 3.11.2 (and earlier) with a Prototype Pollution in the _merge() function of merge.js. The underlying issue allows modification of constructor.prototype and, in an extreme edge-case where the resulting error is caught...
CVE-2025-3193
Versions of the package algoliasearch-helper from 2.0.0-rc1 and before 3.11.2 are vulnerable to Prototype Pollution in the merge function in merge.js, which allows constructor.prototype to be written even though doing so throws an error. In the "extreme edge-case" that the resulting error is...
algoliasearch-helper 安全漏洞
algoliasearch-helper is an open source JavaScript module from Algolia that helps you keep track of search parameters and provides a higher level API. A security vulnerability exists in algoliasearch-helper version 2.0.0-rc1 through versions prior to 3.11.2, which stems from prototype contaminatio...
Prototype Pollution
algoliasearch-helper is vulnerable to prototype pollution. The merge function fails to validate the Object key values when users are able to define arbitrary search patterns, allowing attackers to perform prototype pollution attacks by modifying attributes such as proto...
Prototype Pollution in algoliasearch-helper
The package algoliasearch-helper before 3.6.2 are vulnerable to Prototype Pollution due to use of the merge function in src/SearchParameters/index.jsSearchParameters.parseNumbers without any protection against prototype properties. Note that this vulnerability is only exploitable if the...
GHSA-VPF5-82C8-9V36 Prototype Pollution in algoliasearch-helper
The package algoliasearch-helper before 3.6.2 are vulnerable to Prototype Pollution due to use of the merge function in src/SearchParameters/index.jsSearchParameters.parseNumbers without any protection against prototype properties. Note that this vulnerability is only exploitable if the...
CVE-2021-23433
The package algoliasearch-helper before 3.6.2 are vulnerable to Prototype Pollution due to use of the merge function in src/SearchParameters/index.jsSearchParameters.parseNumbers without any protection against prototype properties. Note that this vulnerability is only exploitable if the...
CVE-2021-23433 Prototype Pollution
The package algoliasearch-helper before 3.6.2 are vulnerable to Prototype Pollution due to use of the merge function in src/SearchParameters/index.jsSearchParameters.parseNumbers without any protection against prototype properties. Note that this vulnerability is only exploitable if the...
CVE-2021-23433
CVE-2021-23433 affects the JavaScript package algoliasearch-helper, specifically versions before 3.6.2. The vulnerability arises from a Prototype Pollution risk in the merge path used by SearchParameters (src/SearchParameters/index.js) via the merge function in _parseNumbers, with no protection a...
algoliasearch-helper 安全漏洞
algoliasearch-helper is an open source JavaScript module that helps you keep track of search parameters and provides a higher level API. A security vulnerability exists in algoliasearch-helper, which stems from the package algoliassearch -helper prior to 3.6.2, as parseNumbers has no protection f...
Prototype Pollution
Overview algoliasearch-helper is a Helper for implementing advanced search features with algolia Affected versions of this package are vulnerable to Prototype Pollution due to use of the merge function in src/SearchParameters/index.jsSearchParameters.parseNumbers without any protection against...