← Volver a CVEs
CVE-2021-23433
MEDIUM5.9
Descripcion
The package algoliasearch-helper before 3.6.2 are vulnerable to Prototype Pollution due to use of the merge function in src/SearchParameters/index.jsSearchParameters._parseNumbers without any protection against prototype properties. Note that this vulnerability is only exploitable if the implementation allows users to define arbitrary search patterns.
Detalles CVE
Puntuacion CVSS v3.15.9
SeveridadMEDIUM
Vector CVSSCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Vector de ataqueNETWORK
ComplejidadHIGH
Privilegios requeridosNONE
Interaccion usuarioNONE
Publicado11/19/2021
Ultima modificacion11/21/2024
Fuentenvd
Avistamientos honeypot0
Productos afectados
algolia:algoliasearch-helper
Debilidades (CWE)
CWE-1321
Referencias
https://github.com/algolia/algoliasearch-helper-js/blob/3.5.5/src/SearchParameters/index.js%23L291(report@snyk.io)
https://github.com/algolia/algoliasearch-helper-js/commit/4ff542b70b92a6b81cce8b9255700b0bc0817edd(report@snyk.io)
https://snyk.io/vuln/SNYK-JS-ALGOLIASEARCHHELPER-1570421(report@snyk.io)
https://github.com/algolia/algoliasearch-helper-js/blob/3.5.5/src/SearchParameters/index.js%23L291(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/algolia/algoliasearch-helper-js/commit/4ff542b70b92a6b81cce8b9255700b0bc0817edd(af854a3a-2127-422b-91ae-364da2661108)
https://snyk.io/vuln/SNYK-JS-ALGOLIASEARCHHELPER-1570421(af854a3a-2127-422b-91ae-364da2661108)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.