2 matches found
CVE-2025-3193
Versions of the package algoliasearch-helper from 2.0.0-rc1 and before 3.11.2 are vulnerable to Prototype Pollution in the merge function in merge.js, which allows constructor.prototype to be written even though doing so throws an error. In the "extreme edge-case" that the resulting error is...
CVE-2025-3193
The CVE-2025-3193 entry concerns algoliasearch-helper versions 2.0.0-rc1 through 3.11.2 (and earlier) with a Prototype Pollution in the _merge() function of merge.js. The underlying issue allows modification of constructor.prototype and, in an extreme edge-case where the resulting error is caught...