CVE-2021-23433
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2021-23433
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-23433.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2021-23433
- Aliases
- Related
- Published
- 2021-11-19T20:15:17.903Z
- Modified
- 2025-11-14T11:30:31.496478Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
The package algoliasearch-helper before 3.6.2 are vulnerable to Prototype Pollution due to use of the merge function in src/SearchParameters/index.jsSearchParameters._parseNumbers without any protection against prototype properties. Note that this vulnerability is only exploitable if the implementation allows users to define arbitrary search patterns.
- References
Affected packages
Git / github.com/algolia/algoliasearch-helper-js
Affected ranges
- Type
- GIT
- Repo
- https://github.com/algolia/algoliasearch-helper-js
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
1.*
1.0.0
2.*
2.0.0
2.0.0-beta
2.0.0-rc5
2.0.1
2.0.2
2.0.3
2.0.4
2.1.0
2.1.1
2.1.2
2.10.0
2.11.0
2.11.1
2.12.0
2.13.0
2.14.0
2.15.0
2.16.0
2.17.0
2.17.1
2.18.0
2.18.1
2.19.0
2.2.0
2.20.0
2.20.1
2.21.0
2.21.1
2.21.2
2.22.0
2.23.0
2.23.1
2.23.2
2.24.0
2.25.0
2.25.1
2.26.0
2.26.1
2.28.0
2.3.0
2.3.1
2.3.2
2.3.3
2.3.4
2.3.5
2.3.6
2.4.0
2.5.0
2.5.1
2.6.0
2.6.1
2.6.2
2.6.3
2.6.4
2.6.5
2.6.6
2.6.7
2.6.8
2.6.9
2.7.0
2.8.0
2.8.1
2.9.0
2.9.1
3.*
3.0.0
3.1.0
3.1.1
3.1.2
3.2.0
3.2.1
3.2.2
3.3.0
3.3.1
3.3.2
3.3.3
3.3.4
3.4.0
3.4.1
3.4.2
3.4.3
3.4.4
3.4.5
3.5.0
3.5.1
3.5.2
3.5.3
3.5.4
3.5.5
3.6.0
3.6.1