Algolia Search & Discovery for Magento 2 Has Untrusted Data Handling

Impact Versions of the Algolia Search & Discovery extension for Magento 2 prior to 3.17.2 and 3.16.2 contain a vulnerability where data read from the database was treated as a trusted source during job execution. If an attacker is able to modify records used by the extension’s indexing queue, thi...

GHSA-595P-G7XC-C333 Algolia Search & Discovery for Magento 2 Has Untrusted Data Handling

Impact Versions of the Algolia Search & Discovery extension for Magento 2 prior to 3.17.2 and 3.16.2 contain a vulnerability where data read from the database was treated as a trusted source during job execution. If an attacker is able to modify records used by the extension’s indexing queue, thi...

Arbitrary Code Injection

Overview algolia/algoliasearch-magento-2 is an Algolia Search & Discovery extension for Magento 2 Affected versions of this package are vulnerable to Arbitrary Code Injection via the job execution process. An attacker can execute arbitrary PHP code by injecting malicious data into the database...

Algolia Search & Discovery for Magento 2 Has Untrusted Data Handling

Versions of the Algolia Search & Discovery extension for Magento 2 prior to 3.17.2 and 3.16.2 contain a vulnerability where data read from the database was treated as a trusted source during job execution. If an attacker is able to modify records used by the extension’s indexing queue, this could...