Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Algolia Subscribe
Filtered by product Algoliasearch-helper
Total 1 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-23433 1 Algolia 1 Algoliasearch-helper 2021-11-23 6.8 MEDIUM 9.8 CRITICAL
The package algoliasearch-helper before 3.6.2 are vulnerable to Prototype Pollution due to use of the merge function in src/SearchParameters/index.jsSearchParameters._parseNumbers without any protection against prototype properties. Note that this vulnerability is only exploitable if the implementation allows users to define arbitrary search patterns.