RSS   Vulnerabilities for 'Algoliasearch-helper'   RSS

2021-11-19
 
CVE-2021-23433

CWE-915
 

 
The package algoliasearch-helper before 3.6.2 are vulnerable to Prototype Pollution due to use of the merge function in src/SearchParameters/index.jsSearchParameters._parseNumbers without any protection against prototype properties. Note that this vulnerability is only exploitable if the implementation allows users to define arbitrary search patterns.

 


Copyright 2021, cxsecurity.com

 

Back to Top